Re: [HACKERS] something smells bad

On Thu, 7 Jun 2001, [iso-8859-1] Mart�n Marqu�s wrote:

> On Jue 07 Jun 2001 02:27, Alex Pilosov wrote:
> > On Wed, 6 Jun 2001, [iso-8859-1] Mart�n Marqu�s wrote:
> > > OK, now I'm more then astonished!
> > > Why was I able to insert as martin then?
> > > Isn't it true (as the docs say) that when I execute a query over a view
> > > with rules, the rules (querys in the DO of the RULE) are executed with
> > > permssions of the owner of the rule (or the view? Any way, martin is
> > > owner of both) and not of the user that executed the query?
> >
> > No. With both views and rules, the actions are executed as the user who
> > executed the query. I don't know if there are plans to allow the 'execute
> > as owner' for rules, right now this option only exists for the triggers.
>
> Well, after todays tests, I have to say that rules are executed with owner
> privileges, and not users.
> This is the output:
*mutter* I was mistaken, indeed, views are executed with permissions of
owner of the view.

-alex