The following bug has been logged online: Bug reference: 5214 Logged by: Nikolay Email address: whee...@gmail.com PostgreSQL version: 8.4.1 Operating system: Gentoo Linux Description: Permission troubles for views Details:
There is two users in database: user_a and user_b. user_a is an owner of current schema. Table "tbl_data": ALTER TABLE "tbl_data" OWNER TO user_a; REVOKE SELECT, INSERT, UPDATE, DELETE ON TABLE "tbl_data" FROM user_a; GRANT REFERENCES, TRIGGER ON TABLE "tbl_data" TO user_a; GRANT ALL ON TABLE "tbl_data" TO user_b; Execute query as user_a: SELECT * FROM "tbl_data"; - permission denied for relation tbl_data. This is correct. user_a can't select from table tbl_data. Execute query as user_b: SELECT * FROM "tbl_data"; - returns rows from table. This is correct. user_b can select from table tbl_data. View "vw_data": CREATE VIEW "vw_data" as select * from "tbl_data"; ALTER TABLE "vw_data" OWNER TO user_a; REVOKE SELECT, INSERT, UPDATE, DELETE ON TABLE "vw_data" FROM user_a; GRANT ALL ON TABLE "vw_data" TO user_b; Execute query as user_a: SELECT * FROM "vw_data"; - permission denied for relation vw_data. This is correct. Execute query as user_b: SELECT * FROM "vw_data"; - permission denied for relation tbl_data. But permissions say that user_b can select from tbl_data and from vw_data. -- Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-bugs
