尽管权限正确,为什么我可以选择视图定义而不是视图本身?
我在 Windows Server 2003 SP2 上的 PostgreSQL 9.0.1 上遇到一个奇怪的问题。
我以超级用户身份连接,然后为用户设置会话授权 “X”是继承的组角色“extranet_user”的成员 组角色“用户”的成员身份。 “X”、“extranet_user”,甚至 “用户”都是继承的。
我有以下视图:
CREATE OR REPLACE VIEW page_startup AS
SELECT contact.name, contact.nickname, COALESCE(
CASE
WHEN has_table_privilege('mandate'::text, 'select'::text)
THEN ( SELECT false AS bool
FROM mandate
NATURAL JOIN task
WHERE task.waiting_for = "session_user"()::text::integer AND
task.deadline < now()
LIMIT 1)
ELSE NULL::boolean
END, true) AS no_mandates
FROM contact
WHERE contact.id = "session_user"()::text::integer;
GRANT SELECT ON TABLE page_startup TO "user";
如果我运行此:
set session authorization "X";
select pg_has_role('user','member')
我会得到 't' 作为结果。另外,如果我运行这个(只需复制 视图的定义):
set session authorization "X";
SELECT contact.name, contact.nickname, COALESCE(
CASE
WHEN has_table_privilege('mandate'::text, 'select'::text)
THEN ( SELECT false AS bool
FROM mandate
NATURAL JOIN task
WHERE task.waiting_for = "session_user"()::text::integer AND
task.deadline < now()
LIMIT 1)
ELSE NULL::boolean
END, true) AS no_mandates
FROM contact
WHERE contact.id = "session_user"()::text::integer;
我得到了我正在寻找的单行数据。
但是,如果我尝试使用视图而不是复制其定义:
set session authorization "X";
select * from page_startup
我会得到以下信息:
ERROR: permission denied for relation page_startup
********** Error **********
ERROR: permission denied for relation page_startup
SQL state: 42501
奇怪,不是吗?有什么想法可能是为什么吗?
I'm having a strange issue on PostgreSQL 9.0.1 on Windows Server 2003 SP2.
I connect as a superuser and then SET SESSION AUTHORIZATION to user
"X" who is a member of group role "extranet_user" which inherits
membership from group role "user". "X", "extranet_user", and even
"user" are all INHERIT.
I have the following view:
CREATE OR REPLACE VIEW page_startup AS
SELECT contact.name, contact.nickname, COALESCE(
CASE
WHEN has_table_privilege('mandate'::text, 'select'::text)
THEN ( SELECT false AS bool
FROM mandate
NATURAL JOIN task
WHERE task.waiting_for = "session_user"()::text::integer AND
task.deadline < now()
LIMIT 1)
ELSE NULL::boolean
END, true) AS no_mandates
FROM contact
WHERE contact.id = "session_user"()::text::integer;
GRANT SELECT ON TABLE page_startup TO "user";
If I run this:
set session authorization "X";
select pg_has_role('user','member')
I get 't' as a result. Also, if I run this (just copying the
definition of the view):
set session authorization "X";
SELECT contact.name, contact.nickname, COALESCE(
CASE
WHEN has_table_privilege('mandate'::text, 'select'::text)
THEN ( SELECT false AS bool
FROM mandate
NATURAL JOIN task
WHERE task.waiting_for = "session_user"()::text::integer AND
task.deadline < now()
LIMIT 1)
ELSE NULL::boolean
END, true) AS no_mandates
FROM contact
WHERE contact.id = "session_user"()::text::integer;
I get the single row of data I'm looking for.
However, if I try to use the view instead of copying its definition:
set session authorization "X";
select * from page_startup
I get the following:
ERROR: permission denied for relation page_startup
********** Error **********
ERROR: permission denied for relation page_startup
SQL state: 42501
Strange, no? Any ideas why this might be?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
结果重新启动 pgAdminIII 以某种方式修复了它。在第一次遇到此错误后的某个时候,我曾将 extranet_user 的权限更改为继承,但结果没有改变。今天早上我启动了 pgAdminIII,复制了这篇文章中的代码,它成功了。
Turns out restarting pgAdminIII somehow fixed it. I had, at some point after first encountering this error, changed the permissions of extranet_user to inherit, and the results had not changed. This morning I started up pgAdminIII, copied the code from this post, and it worked.