Tom, > BTW, what about lastval()? I'm not sure we can usefully associate any > privilege check with that, since it's not clear which sequence it > applies to. Does it make sense to remember what sequence the value came > from and privilege-check against that, or is that just too weird?
Hmmm. Yet another problem with lastval(). Darn those MySQL migrators! I'd say that lastval() needs to be defined as the superuser with "security definer". Hmmm, although does that carry over to sequences the superuser doesn't own? How are we handling it now? Overal, it's hard to get too concerned about this, since a user can't really get anything out of lastval() if he doesn't have permissions on the sequence he's trying to query, in order to run currval. -- --Josh Josh Berkus Aglio Database Solutions San Francisco ---------------------------(end of broadcast)--------------------------- TIP 4: Have you searched our list archives? http://archives.postgresql.org