Thread

  1. Bad rights working in referential integrity?

    PostgreSQL Bugs List <pgsql-bugs@postgresql.org> — 2001-01-17T10:50:57Z

    Ing. Pavel Janousek (janousek@fonet.cz) reports a bug with a severity of 2
    The lower the number the more severe it is.
    
    Short Description
    Bad rights working in referential integrity?
    
    Long Description
    I have two tables:
    create table a(id serial primary key, t text);
    create table b(id int references a, t text);
    
    I have defined user 'reader', which can ONLY read data from table 'a' and may insert to table 'b' and full rights have different user.
    
    So, I think that the rights granted to user 'reader' may be:
    SELECT to table 'a' and INSERT to table 'b'. But now I must grant UPDATE/DELETE on table 'a' otherwise, reader isn't able insert row(s) to 'b' - Permision denied...:-( I don't know why 'reader' may have DELETE/UPDATE permitions on table 'a'... 
    
    Sample Code
    as user 'temp':
    create table a(id serial primary key, t text);
    create table b(id int references a, t text);
    revoke all on a from public;
    revoke all on b from public;
    grant select on a to "reader";
    grant INSERT on b to "reader";
    insert into a(t) values ('pom');
    
    \z shows:
    Access permissions for database "pp"
      Relation  | Access permissions
    ------------+--------------------
     a          | {"=","reader=r"}
     a_id_seq   |
     b          | {"=","reader=a"}
    
    Owner of database 'pp' is 'temp'
    
    Now as user 'reader':
    pp=> insert into b values (1, 'p');
    ERROR:  a: Permission denied.
    pp=>
    
    
    No file was uploaded with this report