On Fri, 2009-10-30 at 00:49 -0400, Tom Lane wrote:
> Peter Eisentraut <pete...@gmx.net> writes:
> > There is a gap in the permission scheme for inheritance setups.  Say you
> > have this:
> 
> > CREATE TABLE persons (...);
> > CREATE TABLE employees (...) INHERITS (persons);
> 
> > GRANT SELECT ON persons TO foo;
> 
> > Then user foo can extract who the employees are using
> 
> > SELECT * FROM persons EXCEPT SELECT * FROM ONLY persons;
> 
> And this is a problem why exactly?  It's entirely likely that
> employee-ness can be determined just from what is visible in
> the persons view, anyway.  Not to mention tableoid.

Yeah, tableoid is a deal-breaker.  But perhaps using ONLY should at
least require SELECT privilege, because it effectively allows you to
select a subset of the table's rows.



-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)