Обсуждение: Foreign keys and access privileges

Поиск
Список
Период
Сортировка

Foreign keys and access privileges

От
mkresse@slyde.in-berlin.de
Дата:
Hi there,

Before upgrading to postgres 7.0 RC1, I was using a database like 
the following, which worked just fine for me, except for the missing 
referential integrity.

create table users(id INTEGER PRIMARY KEY, name VARCHAR);
create view curuser as select * from users where name = 
USER::varchar;
grant all on curuser to public;
create table choice(userid INTEGER REFERENCES users, data 
INTEGER);
grant all on choice to public;

Now, with Postgres 7.0 RC1, when some user (not the owner of the 
db, of course) tries to update, change or insert anything into 
choice, he gets an error message that says 'Permission denied' for 
table users. 
Is there a way to implement something like this, wthout a 'grant all 
on users to public'?
Is it possible at all to let people change tables, that reference 
other, non accessable tables?

Quick help would be greatly appreciated.
Thanks a lot,Martin

Re: Foreign keys and access privileges

От
Tom Lane
Дата:
mkresse@slyde.in-berlin.de writes:
> Now, with Postgres 7.0 RC1, when some user (not the owner of the 
> db, of course) tries to update, change or insert anything into 
> choice, he gets an error message that says 'Permission denied' for 
> table users. 

IIRC this is a known bug in RC1 (permissions not handled correctly
for foreign key references).  Have you tried it in 7.0 final?
        regards, tom lane

Re: Foreign keys and access privileges

От
mkresse@slyde.in-berlin.de
Дата:
> mkresse@slyde.in-berlin.de writes:
> > Now, with Postgres 7.0 RC1, when some user (not the owner of the 
> > db, of course) tries to update, change or insert anything into 
> > choice, he gets an error message that says 'Permission denied' for 
> > table users. 
> 
> IIRC this is a known bug in RC1 (permissions not handled correctly
> for foreign key references).  Have you tried it in 7.0 final?

Yes, it's still there (in 7.0). Try the following two tables:

create table a(x integer primary key);
create table b(y integer references a);
grant all on b to public;

When someone else than the owner tries an insert into b, he gets 
a 'Permission denied'. For the operation to be successful, he needs 
to have select and update privileges on a.

Ciao,Martin