| Subject | Re: [firebird-support] Unexpected privileges on a table via a view |
|---|---|
| Author | Mark Rotteveel |
| Post date | 2017-11-12T10:08:35Z |
On 12-11-2017 10:17, Brian Dunstan brian@... [firebird-support]
wrote:
a case where the view is created by a user without rights on tab_a?
Mark
--
Mark Rotteveel
wrote:
>It works exactly the same under Firebird 2.5. Maybe you are thinking of
>
> Hi,
>
> I’m running Firebird 3.0, dialect 3.
>
> As SYSDBA I’ve created a table and a view, thus:
>
> *create table tab_a (x integer, y integer, z integer);*
>
> **
>
> *create or alter view test_view (x, y, z)*
>
> *as select a.x, a.y, a.z from tab_a a;*
>
> **
>
> *grant select on test_view to public;*
>
> Connect as an ordinary unprivileged user without a role:
>
> *Select * from tab_a*
>
> Fails as expected “no permission for SELECT access to TABLE TAB_A”
>
> But
>
> *Select * from test_view returns the data from TAB_A.*
>
> **
>
> No privileges have been granted on the table for the view and the user
> has no privileges on the table, so why can the view access the table?
>
> Previous experience (with Firebird 2.5 and dialect 1) has been that a
> view must be *granted* *select* privileges on a table before it is
> available, but Firebird 3.0 dialect 3 seems to be behaving differently.
> I’d really appreciate it if someone can point out what has changed or
> what I am misunderstanding.
a case where the view is created by a user without rights on tab_a?
Mark
--
Mark Rotteveel