On Sun, 2009-10-04 at 11:56 -0700, Josh Berkus wrote: > Except ... I can imagine a multi-tenant setup where certain ROLEs only > have permissions on some child relations, but not others. So we'd want > to still enable a permissions check on a child when the child is called > directly rather than through the parent.
Well, when you access the child, it doesn't care whether it has a parent. So this is equivalent to checking permissions before accessing a table, period. I think we'll keep that. ;-) > And we'd want to hammer this to death looking for ways it can be a > security exploit. Like, could you make a table into the parent of an > existing table you didn't have permissions on? I don't think so, but you're free to hammer. ;-) -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers