Re: [HACKERS] Here it is - view permissions
| От | jwieck@debis.com (Jan Wieck) |
|---|---|
| Тема | Re: [HACKERS] Here it is - view permissions |
| Дата | |
| Msg-id | m0y6DNi-000BFRC@orion.SAPserv.Hamburg.dsh.de обсуждение исходный текст |
| Ответ на | Re: [HACKERS] Here it is - view permissions (Bruce Momjian <maillist@candle.pha.pa.us>) |
| Ответы |
Re: [HACKERS] Here it is - view permissions
|
| Список | pgsql-hackers |
Bruce wrote:
>
> > This flag is useful anyway. We change the world now that ALL
> > views are overriding the acl checks. If we have this flag we
> > can setup views that behave like before (user cannot see
> > anything through the view he cannot see without) and use the
> > overriding only in cases we need it (like for the pg_user
> > permissions problem). I'll work on it.
>
> OK, but why would anyone want the old behavior?
>
> I guess if you have a table that is not select-able by everyone, and you
> create a view on it, the default permits will allow select to others.
> You would have to set the permit on that view. Is there more to that
> pg_class flag you want to add?
No, there isn't more on that. It's just to be more backward
compatible. Users out there might have already views and
since it wasn't neccessary to set explicit permissions on a
view up to now (views inherited the permissions from all
tables they select), it's unlikely that anyone out there set
them up.
I think it's better to implement something that's a key to
open the door instead of opening it by default and telling
where's the key to lock it back.
Jan
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#======================================== jwieck@debis.com (Jan Wieck) #
В списке pgsql-hackers по дате отправления: