The following bug has been logged online:

Bug reference: 1794
Logged by: Sean Burlington
Email address: sean (AT) uncertainty (DOT) org.uk
PostgreSQL version: 7.4
Operating system: Debian GNU/Linux
Description: inheritance removes permissions from the parent table
Details:

Hi,
I'm not sure if this is strictly a bug or just a side effect of
inheritance that could do with being added to the documentation.

If you create a new table that inherits from another table - a user cannot
select from the parent if they cannot select from the child.

To recreate:

as dba
create table a (id int);
grant select on a to auser;
insert into a (id) values (1);

as auser
select * from a;
id
----
1

as dba
create table b (data int) inherits (a);

as auser
select * from a;
ERROR: permission denied for relation b

I didn't expect to need permission for table b in order to select from a...

---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings

On Thu, Jul 28, 2005 at 12:48:35PM +0100, Sean Burlington wrote:
I think a more accurate description would be "permissions not
inherited by children," and that isn't necessarily a bug.

[snip]

Records in the child are visible when you select from the parent,
so it follows that you'd need permission on both tables. If you
want only records that are in the parent then use FROM ONLY:

SELECT * FROM ONLY a;

--
Michael Fuhr
http://www.fuhr.org/~mfuhr/

---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match

On Thu, Jul 28, 2005 at 03:56:14PM +0100, Sean Burlington wrote:
Not really, once you understand what's happening. Unless you use
FROM ONLY, selecting from the parent selects from the parent *and*
its children. The parent itself isn't affected, as queries with
FROM ONLY should demonstrate. I understand what you're saying --
that there's an apparent effect on the parent -- but there really
isn't.

Feel free to submit a documentation patch to pgsql-patches :-)

I think you'd have a hard time selling that to the developers,
because a query that returns successfully but with an incomplete
record set isn't solving any problem. If the problem is inadequate
documentation, then the correct solution is to fix the documentation.

--
Michael Fuhr
http://www.fuhr.org/~mfuhr/

---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?

http://www.postgresql.org/docs/faq