 | |
Re: [BUGS] BUG #1794: inheritance removes permissions from the parent
mailing.database.pgsql-bugs mailing.database.pgsql-bugs
 |
| | Thread Tools | Display Modes |
#1
 
| |||
| |||
|
Re: [BUGS] BUG #1794: inheritance removes permissions from the parent -
07-29-2005
, 08:09 AM
|
On Thu, Jul 28, 2005 at 12:48:35PM +0100, Sean Burlington wrote: Description: inheritance removes permissions from the parent table I think a more accurate description would be "permissions not inherited by children," and that isn't necessarily a bug. |
being inherited: the parent is affected.
[snip]
Quote:
|
Records in the child are visible when you select from the parent, so it follows that you'd need permission on both tables. If you want only records that are in the parent then use FROM ONLY: SELECT * FROM ONLY a; |
I was experimenting with inheritance for the first time and for me this
effect was a real suprise.
It would be handy if this was in the documentation for anyone else who
comes across this issue
Would it be possible to allow the usual select and just return the
records the user has permission for - possibly along with a warning
about the child table?
--
Sean
---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
#2
| |||
| |||
|
|
On Thu, Jul 28, 2005 at 03:56:14PM +0100, Sean Burlington wrote: Michael Fuhr wrote: On Thu, Jul 28, 2005 at 12:48:35PM +0100, Sean Burlington wrote: Description: inheritance removes permissions from the parent table I think a more accurate description would be "permissions not inherited by children," and that isn't necessarily a bug. I agree it may not be a bug - but it's more than the permissions not being inherited: the parent is affected. Not really, once you understand what's happening. Unless you use FROM ONLY, selecting from the parent selects from the parent *and* its children. The parent itself isn't affected, as queries with FROM ONLY should demonstrate. I understand what you're saying -- that there's an apparent effect on the parent -- but there really isn't. It would be handy if this was in the documentation for anyone else who comes across this issue Feel free to submit a documentation patch to pgsql-patches :-) |
I hope it's OK - I'm afraid I didn't spend too much time looking at the
best way to contribute patches and just went ahead and made one ...
--
Sean
--------------060003080509040706080803
Content-Type: text/x-patch;
name="ddl-sgml.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="ddl-sgml.patch"
Index: doc/src/sgml/ddl.sgml
================================================== =================
RCS file: /projects/cvsroot/pgsql/doc/src/sgml/ddl.sgml,v
retrieving revision 1.42
diff -u -F^f -r1.42 ddl.sgml
--- doc/src/sgml/ddl.sgml 14 Jul 2005 06:17:35 -0000 1.42
+++ doc/src/sgml/ddl.sgml 31 Jul 2005 16:12:54 -0000
@@ -1117,6 +1117,17 @@
support this <quote>ONLY</quote> notation.
</para>
+
+<note>
+ <title>Inheritance and Permissions</title>
+ <para>
+ Because permissions are not inherited automatically a user attempting to access
+ a parent table must either have at least the same permission for the child table
+ or must use the <quote>ONLY</quote> notation. If creating a new inheritance
+ relationship in an existing system be careful that this does not create problems.
+ </para>
+</note>
+
<note>
<title>Deprecated</title>
<para>
--------------060003080509040706080803
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
--------------060003080509040706080803--
|
« Previous Thread
|
Next Thread »
| Thread Tools | |
| Display Modes | |
Linear Mode
| |
Powered by vBulletin Version 3.5.3
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.