On Thu, Dec 16, 2010 at 23:09, Robert Haas <[email protected]> wrote:
> I believe that our project policy is that permissions checks must be
> done at execution time, not parse/plan time.
Oops, yes. I should have said "permission checks for foreign tables
should have done in their own execution". So, additional checks in
each FDW are not required eventually.
In addition, we allow users to read the definition of the columns and
default values even if they don't have SELECT permission. So, I still
think permission checks for the template relation are not required in
the file reader API. But we need the checks in COPY FROM command because
the relation is used not only as a template but also as a target.
=> SELECT * FROM tbl;
ERROR: permission denied for relation tbl
=> \d+ tbl
Table "public.tbl"
Column | Type | Modifiers | Storage | Description
--------+---------+-----------+---------+-------------
i | integer | | plain |
j | integer | default 5 | plain |
Has OIDs: no
--
Itagaki Takahiro
--
Sent via pgsql-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
