Travis Bauer wrote:
>
> I have a set of tables and some views which perform calculations on
> those table to which no one except the group officestaff has
> any permissions. No problem.
>
> I tried to create views to which some particular client would have
> permissions. These views would be filtered versions of the private views.
> Herein lies the problem. If any of those underlying veiws call functions
> that access tables to which the user does not have permissions, or if any
> of those underlying views have sub-select statements (such as "where x in
> (select . . . )") the user gets access denied errors.
>
> Is this a feature or a bug? On the one hand, it certainly provides tight
> security. However, it seems like if you give someone permissions on a
> view, that view ought to be allows to perform whatever it needs to get the
> data back out regardless of other underlying permissions.
At least the way it's supposed ot work is that the view is executed
as if by the owner of the view. For example:
table big_customer_db is owned by user "master"
you create a view "active_customer_list" also owned by "master"
now, if you grant someone access to the view, they will be
able to get the data in it, even though they can't query
big_customer_db directly.
Is this what you want?
HTH,
--
Martijn van Oosterhout <kleptog@cupid.suninternet.com>
http://cupid.suninternet.com/~kleptog/
