KaiGai Kohei wrote:
> I tried to check the default ACL behavior.
>
> It works for me fine, good, but ...
>
> postgres=> SELECT * INTO t3 FROM t1;
> SELECT
> postgres=> SELECT * FROM t3;
>  a |  b
> ---+-----
>  1 | aaa
>  2 | bbb
> (2 rows)
>
> postgres=> INSERT INTO t3 VALUES (3,'ccc');
> ERROR: permission denied for relation t3
>
> In this case, the new table t3 is created with the default ACL which does not
> allow to insert any values by the owner of the relation.
>
> SELECT INTO does not check ACL_INSERT on the newly created tables, because
> we had been able to assume the table owner always has privilege to insert
> values into the new table.
> So, OpenIntoRel() didn't check this obvious privilege.
>
> But the default ACL feature breaks this assumption. The table owner may not
> have privilege to insert values into new tables.
> So, it is necessary to put actual access controls on the OpenIntoRel().
>

That's strange behavior I agree. However I don't see how default ACLs changed it in any way, owner could REVOKE his privileges before.

--
Regards
Petr Jelinek (PJMODOS)

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)