The following bug has been logged online: Bug reference: 4350 Logged by: Brendan O'Shea Email address: [EMAIL PROTECTED] PostgreSQL version: 8.2.9 Operating system: linux-2.4 and windows XP Description: 'select' acess given to views containing "union all" even though user has no grants Details:
There appears to be a bug in the way that permissions are determined for views that contain "UNION ALL" in their definition. There is a simple test case to reproduce the bug. 1) As a superuser create the following objects: CREATE ROLE test_perm LOGIN PASSWORD 'test_perm'; CREATE OR REPLACE VIEW public.simple_select AS SELECT 1; CREATE OR REPLACE VIEW public.union_all AS SELECT 1 UNION ALL SELECT 2; 2) Now log in as the test_perm user and run the following SQL: select * from public.simple_select; select * from public.union_all; The first SQL statement correctly produces an error, but the second statement will return results with no error, it should instead generate a permission error. -- Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-bugs