Ing. Pavel Janousek (janousek@fonet.cz) reports a bug with a severity of 2
The lower the number the more severe it is.
Short Description
Bad rights working in referential integrity?
Long Description
I have two tables:
create table a(id serial primary key, t text);
create table b(id int references a, t text);
I have defined user 'reader', which can ONLY read data from table 'a' and may insert to table 'b' and full rights have
differentuser.
So, I think that the rights granted to user 'reader' may be:
SELECT to table 'a' and INSERT to table 'b'. But now I must grant UPDATE/DELETE on table 'a' otherwise, reader isn't
ableinsert row(s) to 'b' - Permision denied...:-( I don't know why 'reader' may have DELETE/UPDATE permitions on table
'a'...
Sample Code
as user 'temp':
create table a(id serial primary key, t text);
create table b(id int references a, t text);
revoke all on a from public;
revoke all on b from public;
grant select on a to "reader";
grant INSERT on b to "reader";
insert into a(t) values ('pom');
\z shows:
Access permissions for database "pp"
Relation | Access permissions
------------+--------------------
a | {"=","reader=r"}
a_id_seq |
b | {"=","reader=a"}
Owner of database 'pp' is 'temp'
Now as user 'reader':
pp=> insert into b values (1, 'p');
ERROR: a: Permission denied.
pp=>
No file was uploaded with this report