Re: BUG #5147: DBA can not access view
| От | hx.li |
|---|---|
| Тема | Re: BUG #5147: DBA can not access view |
| Дата | |
| Msg-id | hclfn1$h3e$1@news.hub.org обсуждение исходный текст |
| Ответ на | Re: BUG #5147: DBA can not access view ("hx.li" <fly2nn@126.com>) |
| Ответы |
Re: BUG #5147: DBA can not access view
|
| Список | pgsql-bugs |
Q1: Who can explain the privilage of the superuser ? In postgresql's document£¬Part VI. Reference,SQL Commands,GRANT, it said: It should be noted that database superusers can access all objects regardless of object privilege settings. Q2: Why PostgreSQL check whether the view1'sowner had peivilage for tb2 when run "select * from view1;" ? (Dongni's test case) In Dongni's test case, current user is superuser when run "select * from view1;" . Reading the pg_class_aclmask() in aclchk.c, I found PG claim the current object's owner(current object is view1) should have the select privilage for table tb2. I dno't usderstant why do it so? regards, hx.li "Tom Lane" <tgl@sss.pgh.pa.us> дÈëÏûÏ¢ÐÂÎÅ:7536.1256911178@sss.pgh.pa.us... > No, that would be a bad idea. Your proposal essentially means that it's > impossible for a superuser to give up rights when calling a setuid > function or view. That would be a serious security hazard. > > regards, tom lane > > -- > Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-bugs >
В списке pgsql-bugs по дате отправления: