Re: something smells bad - Mailing list pgsql-hackers
| From | Bruce Momjian |
|---|---|
| Subject | Re: something smells bad |
| Date | |
| Msg-id | 200106110428.f5B4SSS15432@candle.pha.pa.us Whole thread Raw |
| In response to | Re: something smells bad (Martín Marqués <martin@bugs.unl.edu.ar>) |
| Responses |
Re: something smells bad
|
| List | pgsql-hackers |
> Sending this to the Hackers list because I think that there may be a bug.
Did you include the smell in the email message? :-)
>
> On Jue 07 Jun 2001 02:27, Alex Pilosov wrote:
> > On Wed, 6 Jun 2001, [iso-8859-1] Mart?n Marqu?s wrote:
> > > OK, now I'm more then astonished!
> > > Why was I able to insert as martin then?
> > > Isn't it true (as the docs say) that when I execute a query over a view
> > > with rules, the rules (querys in the DO of the RULE) are executed with
> > > permssions of the owner of the rule (or the view? Any way, martin is
> > > owner of both) and not of the user that executed the query?
> >
> > No. With both views and rules, the actions are executed as the user who
> > executed the query. I don't know if there are plans to allow the 'execute
> > as owner' for rules, right now this option only exists for the triggers.
>
> Well, after todays tests, I have to say that rules are executed with owner
> privileges, and not users.
> This is the output:
>
> webunl=> \dp
>
> Access permissions for database "webunl"
> Relation | Access permissions
> -----------------------------+------------------------------------------------
> admin_view | {"=r","martin=arwR","group webunl_admin=arwR"}
> admin_view_categ | {"=r","martin=arwR","group webunl_admin=arwR"}
> admin_view_docente | {"=r","martin=arwR","group webunl_admin=arwR"}
> admin_view_facultades | {"=r","martin=arwR","group webunl_admin=arwR"}
> admin_view_materias | {"=r","martin=arwR","group webunl_admin=arwR"}
> admin_view_modal | {"=r","martin=arwR","group webunl_admin=arwR"}
> area | {"=r","martin=arwR"}
> area_id_area_seq |
> carrera | {"=r","martin=arwR"}
> carrera_id_curso_seq | {"=","martin=arwR"}
> categ | {"=r","martin=arwR"}
> categ_id_categ_seq |
> docentes | {"=r","martin=arwR"}
> docentes_id_docente_seq | {"=","martin=arwR"}
> facultad | {"=r","martin=arwR"}
> facultad_id_fac_seq |
> inscripcion | {"=r","martin=arwR"}
> log_carrera | {"=","martin=arwR"}
> log_carrera_id_log_seq | {"=","martin=arwR"}
> materias | {"=r","martin=arwR"}
> materias_id_mat_seq | {"=","martin=arwR"}
> modalidad | {"=r","martin=arwR"}
> nexo_categ | {"=r","martin=arwR"}
> nexo_facultad | {"=r","martin=arwR"}
> niveles | {"=r","martin=arwR"}
> niveles_id_nivel_seq |
> resol | {"=r","martin=arwR"}
> sub_area | {"=r","martin=arwR"}
> sub_area_id_subarea_seq |
> tipo_cursado | {"=r","martin=arwR"}
> tipo_cursado_id_cursado_seq |
> tipo_modal | {"=r","martin=arwR"}
> tipo_modal_id_mod_seq |
> (33 rows)
>
> webunl=> GRANT ALL ON
> carrera_id_curso_seq,docentes_id_docente_seq,log_carrera_id_log_seq,materias_id_mat_seq
> TO GROUP webunl_admin;
> CHANGE
> webunl=> \c webunl mariana
> You are now connected to database webunl as user mariana.
> webunl=> INSERT INTO admin_view
> webunl->
>
(titulo,subarea,descripcion,matricula,nivel,requisitos,duracion,cupos,numero,year,fecha,fecha_ini,fecha_fin,lugar,informes
> ,director,carrera)
> webunl-> VALUES ('y este el tiutulo',14,'descripcion',0,1,'Y bueno, los
> requisitos
> son.....',12,0,34534,2000,'6/6/2000','10/10/2001','30/12/2001','Donde
> webunl'> mas.......','Para mas info, limpie','Quien, yo?','Esta es una
> carrera');
> INSERT 240135 1
> webunl=>
>
> Now, mariana is a member of the webunl_admin group, and before the GRANT to
> all those sequences, the query (INSERT) shes executing here gave an error
> when trying to do a carrera_id_curso_seq:next (is this the right sintax?).
>
> Saludos.... :-)
>
> --
> Cualquiera administra un NT.
> Ese es el problema, que cualquiera administre.
> -----------------------------------------------------------------
> Martin Marques | mmarques@unl.edu.ar
> Programador, Administrador | Centro de Telematica
> Universidad Nacional
> del Litoral
> -----------------------------------------------------------------
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
>
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill,
Pennsylvania19026
pgsql-hackers by date: