Search Postgresql Archives

Re: Hot to restrict access to subset of data

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 






Tom Lane a écrit :
Samuel Thoraval <samuel.thoraval@xxxxxxxxxxxxx> writes:
  
I have been trying this example not executing the GRANT UPDATE statement 
at first to check that user b doesn't have the right to update. The 
problem is that even though B was not granted the update privilege, it 
worked anyway. In other words, simply executing " GRANT SELECT ON 
b.document TO b;" is sufficient for user b to be able to update the 
view, and thus the public.document table for DocumentType = Z.
    

  
Anybody has an explanation to this ?
    

What PG version are you running?  This item from the 7.3.6 release notes
seems relevant:

     Revert erroneous changes in rule permissions checking

     A patch applied in 7.3.3 to fix a corner case in rule permissions
     checks turns out to have disabled rule-related permissions checks
     in many not-so-corner cases. This would for example allow users to
     insert into views they weren't supposed to have permission to
     insert into. We have therefore reverted the 7.3.3 patch. The
     original bug will be fixed in 8.0.

The first couple of 7.4.x releases had the bug too.

			regards, tom lane

  
I am running verison 7.4.1 . Thanks for the answer. I will update (and read the release notes ;-) ).

Cheers,

Sam

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux