Re: How to restrict access to subset of data


Samuel Thoraval <samuel.thoraval@xxxxxxxxxxxxx> writes:
> I have been trying this example not executing the GRANT UPDATE statement 
> at first to check that user b doesn't have the right to update. The 
> problem is that even though B was not granted the update privilege, it 
> worked anyway. In other words, simply executing "GRANT SELECT ON
> b.document TO b;" is sufficient for user b to be able to update the 
> view, and thus the public.document table for DocumentType = Z.

> Does anybody have an explanation for this?

What PG version are you running?  This item from the 7.3.6 release notes
seems relevant:

     Revert erroneous changes in rule permissions checking

     A patch applied in 7.3.3 to fix a corner case in rule permissions
     checks turns out to have disabled rule-related permissions checks
     in many not-so-corner cases. This would for example allow users to
     insert into views they weren't supposed to have permission to
     insert into. We have therefore reverted the 7.3.3 patch. The
     original bug will be fixed in 8.0.

The first couple of 7.4.x releases had the bug too.

			regards, tom lane
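
A privilege check for the setup discussed in this message, added here as an example; it is not code from the thread or from the PostgreSQL project. It assumes a scratch database, a superuser psql session, and the syntax of current PostgreSQL releases (CREATE ROLE, SET LOCAL ROLE); the column names and the rule name are hypothetical, while b, b.document, public.document and DocumentType = Z come from the quoted message.

```sql
-- Constructed test case: everything runs in one transaction and is rolled back.
-- Column names (id, documenttype, title) and the rule name are assumptions.
BEGIN;

CREATE ROLE b;
CREATE SCHEMA b;
GRANT USAGE ON SCHEMA b TO b;

CREATE TABLE public.document (
    id           integer PRIMARY KEY,
    documenttype text NOT NULL,
    title        text
);
INSERT INTO public.document VALUES (1, 'Z', 'original'), (2, 'A', 'other');

-- View exposing only the DocumentType = Z subset of the base table.
CREATE VIEW b.document AS
    SELECT id, documenttype, title
      FROM public.document
     WHERE documenttype = 'Z';

-- Rewrite rule that redirects updates on the view to the base table.
CREATE RULE document_upd AS ON UPDATE TO b.document
    DO INSTEAD
    UPDATE public.document
       SET title = NEW.title
     WHERE id = OLD.id AND documenttype = 'Z';

-- Only SELECT is granted, mirroring the statement quoted in the message.
GRANT SELECT ON b.document TO b;

-- What the catalog says about b's UPDATE privilege on the view.
SELECT has_table_privilege('b', 'b.document', 'UPDATE') AS b_can_update_view;

-- Attempt the update as b; kept last because an error aborts the transaction.
SET LOCAL ROLE b;
UPDATE b.document SET title = 'changed by b' WHERE id = 1;

ROLLBACK;
```

On a server that enforces rule-related permission checks, the final UPDATE is rejected with a permission-denied error; if it succeeds, the server shows the behaviour described in the release note above.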
