Peter Eisentraut writes:
> On fre, 2009-10-30 at 00:49 -0400, Tom Lane wrote:
>> And this is a problem why exactly? It's entirely likely that
>> employee-ness can be determined just from what is visible in
>> the persons view, anyway. Not to mention tableoid.
> Yeah, tableoid is a deal-breaker.
On fre, 2009-10-30 at 00:49 -0400, Tom Lane wrote:
> Peter Eisentraut writes:
> > There is a gap in the permission scheme for inheritance setups. Say you
> > have this:
>
> > CREATE TABLE persons (...);
> > CREATE TABLE employees (...) INHERITS (persons);
>
> > GRANT SELECT ON persons TO foo;
>
Peter Eisentraut writes:
> There is a gap in the permission scheme for inheritance setups. Say you
> have this:
> CREATE TABLE persons (...);
> CREATE TABLE employees (...) INHERITS (persons);
> GRANT SELECT ON persons TO foo;
> Then user foo can extract who the employees are using
> SELECT *
There is a gap in the permission scheme for inheritance setups. Say you
have this:
CREATE TABLE persons (...);
CREATE TABLE employees (...) INHERITS (persons);
GRANT SELECT ON persons TO foo;
Then user foo can extract who the employees are using
SELECT * FROM persons EXCEPT SELECT * FROM ONLY