Re: leaky views, yet again
Stephen Frost <sfrost@snowman.net>
From: Stephen Frost <sfrost@snowman.net>
To: Greg Stark <gsstark@mit.edu>
Cc: Robert Haas <robertmhaas@gmail.com>, Tom Lane <tgl@sss.pgh.pa.us>, KaiGai Kohei <kaigai@kaigai.gr.jp>, KaiGai Kohei <kaigai@ak.jp.nec.com>, Itagaki Takahiro <itagaki.takahiro@gmail.com>, Heikki Linnakangas <heikki.linnakangas@enterprisedb.com>, pgsql-hackers@postgresql.org
Date: 2010-10-05T18:15:20Z
Lists: pgsql-hackers
* Greg Stark (gsstark@mit.edu) wrote: > Though I find it unlikely the sales people would have direct access to > run arbitrary SQL -- let alone create custom functions. I'm not really sure why..? Perhaps not quite the same, but I've got quite a few users who have direct SQL access (though they use ODBC on their side, typically, there's nothing which forces them to) and I'd certainly like to have the views that I've created which do row-level filtering work correctly. It's not to the point where I've started using set-returning functions, but it's really not a situation I like being in. :/ > If the users that have select access on the view don't have DDL access > doesn't that make them leak-proof for those users? Yeah.. I feel like we 'fixed' that whole problem with DO in any case.. Thanks, Stephen