Postgres Pro
Downloads
Home   >   mailing lists

Thread: BUG #15081: pg_hba_file_rules permission issue

BUG #15081: pg_hba_file_rules permission issue

From
PG Bug reporting form
Date:
The following bug has been logged on the website:

Bug reference:      15081
Logged by:          Joby John
Email address:      jobyjc@gmail.com
PostgreSQL version: 10.2
Operating system:   Windows 10
Description:

Hi,
To get access to pg_hba_file_rules view, user needs execute privilege on
pg_hba_file_rules() function too.

But I think this is not the normal behaviour as I can give access to
pg_shadow view without granting access to pg_authid table even though
pg_authid is used inside pg_shadow.

Kind Regards,
Joby

Re: BUG #15081: pg_hba_file_rules permission issue

From
"David G. Johnston"
Date:
On Fri, Feb 23, 2018 at 8:06 AM, PG Bug reporting form <noreply@postgresql.org> wrote:
The following bug has been logged on the website:

Bug reference:      15081
Logged by:          Joby John
Email address:      jobyjc@gmail.com
PostgreSQL version: 10.2
Operating system:   Windows 10
Description:

Hi,
To get access to pg_hba_file_rules view, user needs execute privilege on
pg_hba_file_rules() function too.

But I think this is not the normal behaviour as I can give access to
pg_shadow view without granting access to pg_authid table even though
pg_authid is used inside pg_shadow.

​pg_authid is a table/view while pg_hba_file_rules() is a function.  For better and worse functions always execute as the user running the query while access to tables and views is done as the owner of the view. being accessed.

David J.

Re: BUG #15081: pg_hba_file_rules permission issue

From
Joby John
Date:
Thank you for your response. 

On 23 Feb 2018 3:13 pm, "David G. Johnston" <david.g.johnston@gmail.com> wrote:
On Fri, Feb 23, 2018 at 8:06 AM, PG Bug reporting form <noreply@postgresql.org> wrote:
The following bug has been logged on the website:

Bug reference:      15081
Logged by:          Joby John
Email address:      jobyjc@gmail.com
PostgreSQL version: 10.2
Operating system:   Windows 10
Description:

Hi,
To get access to pg_hba_file_rules view, user needs execute privilege on
pg_hba_file_rules() function too.

But I think this is not the normal behaviour as I can give access to
pg_shadow view without granting access to pg_authid table even though
pg_authid is used inside pg_shadow.

​pg_authid is a table/view while pg_hba_file_rules() is a function.  For better and worse functions always execute as the user running the query while access to tables and views is done as the owner of the view. being accessed.

David J.