Samuel Thoraval <samuel.thoraval@xxxxxxxxxxxxx> writes:
I have been trying this example not executing the GRANT UPDATE statement
at first to check that user b doesn't have the right to update. The
problem is that even though B was not granted the update privilege, it
worked anyway. In other words, simply executing " GRANT SELECT ON
b.document TO b;" is sufficient for user b to be able to update the
view, and thus the public.document table for DocumentType = Z.
Anybody has an explanation to this ?
What PG version are you running? This item from the 7.3.6 release notes
seems relevant:
Revert erroneous changes in rule permissions checking
A patch applied in 7.3.3 to fix a corner case in rule permissions
checks turns out to have disabled rule-related permissions checks
in many not-so-corner cases. This would for example allow users to
insert into views they weren't supposed to have permission to
insert into. We have therefore reverted the 7.3.3 patch. The
original bug will be fixed in 8.0.
The first couple of 7.4.x releases had the bug too.
regards, tom lane
I am running verison 7.4.1 . Thanks for the answer. I will update (and
read the release notes ;-) ).