Re: Re: [SQL] Foreign keys breaks tables permissions
Hannu Krosing <hannu@tm.ee>
From: Hannu Krosing <hannu@tm.ee>
To: Hiroshi Inoue <Inoue@tpf.co.jp>, Tom Lane <tgl@sss.pgh.pa.us>, Stephan Szabo <sszabo@kick.com>, pgsql-hackers@postgresql.org
Date: 2000-05-19T15:15:53Z
Lists: pgsql-bugs, pgsql-hackers
Hannu Krosing wrote:
>
> Hiroshi Inoue wrote:
> >
> > Tom Lane wrote:
> >
> > > "Stephan Szabo" <sszabo@kick.com> writes:
> > > > I believe the reason that the trigger does a select for update was
> > > > because otherwise there could exist a case that we select and see it
> > > > and then have the row go away afterwards because nothing stops the
> > > > delete.
> > >
> > > Probably the denial-of-service argument is the weakest of the three
> > > points. Is anyone in favor of reducing SELECT FOR UPDATE to only
> > > requiring "SELECT" rights, and living with the possible lock-that-
> > > you-shouldn't-really-have-been-able-to-get issue?
> > >
> >
> > But what about DELETE CASCADE cases for exmaple ?
> > Maybe RI_trigger should be able to update/insert/delete
> > the referenced table.
> > However another kind of permission for foreign key
> > seems to be needed. i.e only granted users could
> > define foreign key of the referenced table in CREATE
> > (ALTER) TABLE command.
>
> IIRC this is even in the SQL standard as a separate right (maybe REFERENCES ?)
Here's from SQL92 draft:
We should at least consider it when designing our GRANT system
.........
4.26 Privileges
A privilege authorizes a given category of <action> to be per-
formed on a specified base table, view, column, domain,
character
set, collation, or translation by a specified <authorization
iden-
tifier>. The mapping of <authorization identifier>s to
operating
system users is implementation-dependent. The <action>s that
can be
specified are:
- INSERT
- INSERT (<column name list>)
- UPDATE
- UPDATE (<column name list>)
- DELETE
- SELECT
- REFERENCES
- REFERENCES (<column name list>)
- USAGE
.......
A privilege descriptor with an action of INSERT, UPDATE,
DELETE,
SELECT, or REFERENCES is called a table privilege descriptor
and
identifies the existence of a privilege on the table identified
by
the privilege descriptor.
A privilege descriptor with an action of SELECT (<column name
list>), INSERT (<column name list>), UPDATE (<column name
list>),
or REFERENCES (<column name list>) is called a column privilege
de-
scriptor and identifies the existence of a privilege on the
column
in the table identified by the privilege descriptor.
Note: In this International Standard, a SELECT column privilege
cannot be explicitly granted or revoked. However, for the sake
of compatibility with planned future language extensions,
SELECT
column privilege descriptors will appear in the Information
Schema.
A table privilege descriptor specifies that the privilege iden-
tified by the action (unless the action is DELETE) is to be au-
tomatically granted by the grantor to the grantee on all
columns
subsequently added to the table.
A privilege descriptor with an action of USAGE is called a
usage
privilege descriptor and identifies the existence of a
privilege on
the domain, character set, collation, or translation identified
by
the privilege descriptor.
A grantable privilege is a privilege associated with a schema
that
may be granted by a <grant statement>.
The phrase applicable privileges refers to the privileges
defined
by the privilege descriptors that define privileges granted to
the
current <authorization identifier>.
The set of applicable privileges for the current <authorization
identifier> consists of the privileges defined by the privilege
descriptors associated with that <authorization identifier> and
the privileges defined by the privilege descriptors associated
with
PUBLIC.
Privilege descriptors that represent privileges for the owner
of
an object have a special grantor value, "_SYSTEM". This value
is
reflected in the Information Schema for all privileges that
apply
to the owner of the object.
........
11.36 <grant statement>
Function
Define privileges.
Format
<grant statement> ::=
GRANT <privileges> ON <object name>
TO <grantee> [ { <comma> <grantee> }... ]
[ WITH GRANT OPTION ]
<object name> ::=
[ TABLE ] <table name>
| DOMAIN <domain name>
| COLLATION <collation name>
| CHARACTER SET <character set name>
| TRANSLATION <translation name>
-----------
Hannu