view permissions problem - featuer or bug?

I have a set of tables and some views which perform calculations on
those table to which no one except the group officestaff has
any permissions.  No problem.

I tried to create views to which some particular client would have
permissions.  These views would be filtered versions of the private views.
Herein lies the problem.  If any of those underlying veiws call functions
that access tables to which the user does not have permissions, or if any
of those underlying views have sub-select statements (such as "where x in
(select . . . )") the user gets access denied errors.

Is this a feature or a bug?  On the one hand, it certainly provides tight
security.  However, it seems like if you give someone permissions on a
view, that view ought to be allows to perform whatever it needs to get the
data back out regardless of other underlying permissions.

----------------------------------------------------------------
Travis Bauer | CS Grad Student | IU |www.cs.indiana.edu/~trbauer
----------------------------------------------------------------