Re: [HACKERS] Priviliges on tables and views
Vadim B. Mikheev <vadim@sable.krasnoyarsk.su>
From: "Vadim B. Mikheev" <vadim@sable.krasnoyarsk.su>
To: "D'Arcy J.M. Cain" <darcy@druid.net>
Cc: pgsql-hackers@postgreSQL.org
Date: 1998-01-14T03:19:50Z
Lists: pgsql-hackers
D'Arcy J.M. Cain wrote: > > REVOKE ALL ON account FROM PUBLIC; > > CREATE VIEW passwd AS SELECT uid, login, bid, gcos, home, shell > FROM account WHERE a_active = 't'; > > REVOKE ALL ON passwd FROM PUBLIC; > GRANT SELECT ON passwd TO PUBLIC; > > Unfortunately this doesn't work. The VIEW inherits the permissions > from the table it is a view of. It seems to me that allowing a view > to define permissions separately from its parent would be a useful > thing. So, does anyone know if this behaviour is allowed by the > SQL spec and if it is allowed, would this be difficult to do? This is allowed by SQL and this is very useful thing. Not easy to implement: views are handled by RULES - after parsing and before planning, - but permissions are checked by executor (execMain.c:InitPlan()->ExecCheckPerms()). Vadim