Re: view permissions problem - featuer or bug?
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Travis Bauer <trbauer@indiana.edu>
Cc: Martijn van Oosterhout <kleptog@cupid.suninternet.com>, pgsql-general@postgresql.org
Date: 2000-07-09T00:34:18Z
Lists: pgsql-general
Travis Bauer <trbauer@indiana.edu> writes: > That part works okay, but here is a more complicated situation that > doesn't: > create user user1; > create table t1 (x int, y int); > create table t2 (a int, y int); > create view v1 as select * from t1 where x in (select a from t2); > ------------------ > create view v2 as select * from v1 where x>3; > revoke all on t1 from public; > revoke all on t2 from public; > revoke all on v1 from public; > revoke all on v2 from public; > grant select on v2 to user1; > \c - user1 > select * from v2; > ====> v1: Permission denied. > The problem occurs because of the nested select underlined above. I agree, this is a bug. The rewriter checks access permissions on the basis of the rule's creator, not of the rule's invoker --- but it only does so at the top level of the rule query. It forgets to recurse into subqueries :-(. Fairly easy fix, will work on it for 7.1. regards, tom lane