On Jul 6, 2006, at 11:02 AM, Phil Frost wrote:
I hope the above example is strong enough to elicit a comment from a
qualified developer. If it is not, consider that stored procedures
contain prepared statements, and many client applications cache prepared statements as well. Thus, revoking usage on a schema is about as good as
nothing until all sessions have ended. It also means that any function
which operates with OIDs can potentially bypass the schema usage check.

I'm pretty sure that's by design, especially given this tidbit of the docs:

"Essentially this allows the grantee to "look up" objects within the schema."

Though perhaps the intention is to change this once we have a means to invalidate plans.

The docs probably should elaborate that once something's been looked up you no longer need permissions on the schema it resides in.
Jim C. Nasby, Sr. Engineering Consultant      [EMAIL PROTECTED]
Pervasive Software      http://pervasive.com    work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf       cell: 512-569-9461

---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?


Reply via email to