Обсуждение: FK cascade delete permissions Q

Поиск
Список
Период
Сортировка

FK cascade delete permissions Q

От
Wells Oliver
Дата:
I have a user who created a table B with an FK constraint to table A with CASCADE DELETE, but receives a permission denied error on A.

It seems odd to me. The FK constraint is not deleting from A, it's ensuring a delete from B, for which the user has permission.

What am I missing?

--

Re: FK cascade delete permissions Q

От
"David G. Johnston"
Дата:
On Fri, Jan 29, 2021 at 11:57 AM Wells Oliver <wells.oliver@gmail.com> wrote:
I have a user who created a table B with an FK constraint to table A with CASCADE DELETE, but receives a permission denied error on A.

It seems odd to me. The FK constraint is not deleting from A, it's ensuring a delete from B, for which the user has permission.

What am I missing?


Has nothing to do with the choice to specify cascade delete.

The documentation for references says:

The user must have REFERENCES permission on the referenced table (either the whole table, or the specific referenced columns).

Without such permissions a record in B would present a denial of service on the ability to remove a record from table A by a user without any permissions on table A.

David J.

Re: FK cascade delete permissions Q

От
Wells Oliver
Дата:
Ah, doh, thank you. Of course that's it.

On Fri, Jan 29, 2021 at 11:12 AM David G. Johnston <david.g.johnston@gmail.com> wrote:
On Fri, Jan 29, 2021 at 11:57 AM Wells Oliver <wells.oliver@gmail.com> wrote:
I have a user who created a table B with an FK constraint to table A with CASCADE DELETE, but receives a permission denied error on A.

It seems odd to me. The FK constraint is not deleting from A, it's ensuring a delete from B, for which the user has permission.

What am I missing?


Has nothing to do with the choice to specify cascade delete.

The documentation for references says:

The user must have REFERENCES permission on the referenced table (either the whole table, or the specific referenced columns).

Without such permissions a record in B would present a denial of service on the ability to remove a record from table A by a user without any permissions on table A.

David J.



--