Re: [HACKERS] Here it is - view permissions
| От | jwieck@debis.com (Jan Wieck) |
|---|---|
| Тема | Re: [HACKERS] Here it is - view permissions |
| Дата | |
| Msg-id | m0y76Lv-000BFRC@orion.SAPserv.Hamburg.dsh.de обсуждение исходный текст |
| Ответ на | Re: [HACKERS] Here it is - view permissions ("Oliver Elphick" <olly@lfix.co.uk>) |
| Список | pgsql-hackers |
Oliver Elphick wrote:
>
> Bruce Momjian wrote:
> >All tables are created with default permissions for SELECT to PUBLIC, =
> so
> >views are no different.
>
> Is this not contrary to the SQL standard? I understood that SQL tables
> are created with permissions for their creator only; any permissions for
> other users must be granted explicitly. According to "SQL The Standard
> Handbook" (Cannan & Otten, 1993), the owner of the schema in which a tabl=
> e
> is created is given a full set of privileges, and no other user can acces=
> s
> the table or even discover that it exists!
^^^^^^^^^^^^^^!!!
Ha!
The next table we must hide and create a view on :-)
This time the view must check if the user has at least SELECT
permission on the table/view and hide rows. More tricky -
I'll try to work it out. But not doday - I'm tired and I know
what can happen then (saying '... and make even this little
thing' at 23:00 to reach the state of 22:59 at 04:00 :-).
Good night to all!
But a last word: There are even more such tables as the
tables/views are also reflected in pg_attributes, pg_rewrite
and so on. Even if here only the Oid shows up.
If we really want to get all this up to the highest level, we
need sometimes a proacl field in pg_proc ... *Ack* - Bruce,
*Outch* - no - not the pumpgun - *Help*
:-)
>
> It certainly seems undesirable to give automatic access to data of unknow=
> n
> sensitivity. Surely the default permission should be for the table's
> creator alone or for the owner of the PostgreSQL database (which I suppos=
> e =
>
> is equivalent to the `schema').
>
> I see that Jan Wieck has posted a method for preventing world readability=
> ;
> perhaps this should just be flagged as a configurable option.
But configurable at compile time - not a runtime option
please.
Jan
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#======================================== jwieck@debis.com (Jan Wieck) #
В списке pgsql-hackers по дате отправления: