Mark Stosberg <m...@summersault.com> writes:
> # Explicitly grant access to the view.
> db=> grant select on entities_not_deleted to myuser;
> GRANT
> # Try again to use the view. Still fails
> db=> SELECT 1 FROM entities_not_deleted WHERE some_col = 'y';
> ERROR: permission denied for relation entities
What's failing is that the *owner of the view* needs, and hasn't got,
select access on the entities table. This is a separate check from
whether the current user has permission to select from the view.
Without such a check, views would be a security hole.
regards, tom lane
--
Sent via pgsql-sql mailing list (pgsql-sql@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-sql
