>Stephen Frost <sfr...@snowman.net> wrote: > No.. and I'm not sure we ever would. What we *have* done is > removed all permissions checking on child tables when a parent is > being queried.. OK, that clarifies things. Thanks. So, essentially that means that you need to set all ancestor levels to something at least as strict as the intersection of all the permissions on lower levels to avoid exposing something through an ancestor which is restricted in a descendant. And you'd better trust the owner of any table you extend, because they can bypass any attempt to restrict access to the table you create which extends theirs. I hope those security implications are well documented. -Kevin
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
