On Mon, Oct 22, 2018 at 12:05 PM Amit Langote <langote_amit...@lab.ntt.co.jp> wrote: > > Hi, > > On 2018/10/22 14:41, Stephen Frost wrote: > > Greetings, > > > > * Dilip Kumar (dilipbal...@gmail.com) wrote: > >> As part of the security fix > >> (e2d4ef8de869c57e3bf270a30c12d48c2ce4e00c), we have restricted the > >> users from accessing the statistics of the table if the user doesn't > >> have privileges on the table and the function is not leakproof. Now, > >> as a side effect of this, if the user has the privileges on the root > >> partitioned table but does not have privilege on the child tables, the > >> user will be able to access the data of the child table but it won't > >> be able to access the statistics of the child table. This may result > >> in a bad plan. I am not sure what should be the fix. Should we > >> allow to access the statistics of the table if a user has privilege on > >> its parent table? > > > > Yes... If the user has access to the parent table then they can see the > > child tables, so they should be able to see the statistics on them. > > Yeah, but I'd think only if access the child tables are being accessed via > the parent table.
I agree. -- Regards, Dilip Kumar EnterpriseDB: http://www.enterprisedb.com
