Re: [HACKERS] SELECT currval('SEQ') broken?
| От | jwieck@debis.com (Jan Wieck) |
|---|---|
| Тема | Re: [HACKERS] SELECT currval('SEQ') broken? |
| Дата | |
| Msg-id | m0y7xE1-000BFRC@orion.SAPserv.Hamburg.dsh.de обсуждение исходный текст |
| Ответ на | Re: [HACKERS] SELECT currval('SEQ') broken? ("Vadim B. Mikheev" <vadim@sable.krasnoyarsk.su>) |
| Список | pgsql-hackers |
>
> Michael J. Rogan wrote:
> >
> > Hello
> >
> > I like the added security of 6.3 however how do you grant access to
> > SELECT currval('SEQ') AS id
> > I get a permission error on seq.currval?
> >
> > I figured out how to use CVSUP so I am grabbing the latest version.
> >
> > If this is fixed in it then great otherwise any ideas?
>
> I don't remember - did we NO_ACCESS to a table for public
> as default or not ?
We did so. Default is now NO_ACCESS for public but SELECT
granted for public on IsSystemRelationName() where no
explicit ACL is set. So all tables and views prefixed pg_
are readable by default and must still be revoked if you
don't want them public readable. All other tables and
views are private.
> If yes then you have to GRANT permissions on sequences...
Checked that and it works. The creator of the sequence is
the owner and can do anything by default (superuser too).
GRANT SELECT ON seq permitts to get currval() from sequence.
GRANT SELECT, UPDATE ON seq permitts to get nextval().
Great to see that new security code works also for an area
that we didn't thought about.
Jan
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#======================================== jwieck@debis.com (Jan Wieck) #
В списке pgsql-hackers по дате отправления: