[HACKERS] Query regarding permission on table_column%type access
| От | Neha Sharma |
|---|---|
| Тема | [HACKERS] Query regarding permission on table_column%type access |
| Дата | |
| Msg-id | CANiYTQtKptMZqdqB5LESv6xQwkRLw8+3pZvk3oJvCK8zNhjBBQ@mail.gmail.com обсуждение исходный текст |
| Ответы |
Re: [HACKERS] Query regarding permission on table_column%type access
|
| Список | pgsql-hackers |
Hi,
I have observed that even if the user does not have permission on a table(created in by some other user),the function parameter still can have a parameter of that table_column%type.Scenario:
postgres=# create user u1 with login ;
CREATE ROLE
postgres=# create user u2 with login ;
CREATE ROLE
postgres=# \c - u1
You are now connected to database "postgres" as user "u1".
postgres=> create table t1(a int);
CREATE TABLE
postgres=> revoke ALL on t1 from u2;
REVOKE
postgres=> \c - u2
You are now connected to database "postgres" as user "u2".
postgres=> create table t2(a int);
CREATE TABLE
postgres=> create or replace function foo(x t1.a%type) returns int as $$
BEGIN
return x + 1;
END;
$$ LANGUAGE plpgsql;
NOTICE: type reference t1.a%TYPE converted to integer
CREATE FUNCTION
postgres=> select foo(1);
foo
-----
2
(1 row)
postgres=> select * from t1;
ERROR: permission denied for relation t1
Is this an expected behaviour? What if the user does not wants the object type to be accessed across?
Thanks.
--
Regards,
Neha Sharma
Neha Sharma
В списке pgsql-hackers по дате отправления: