非互換
FUJITSU Enterprise Postgres 14では、列単位にアクセス権を付けて、かつ、JOINで別名を使用して問い合わせを実施する場合の動作を変更します。
例のSQL文の場合、情報は取得できます。
[例]
=# CREATE USER regress_priv_user1; =# CREATE USER regress_priv_user2; =# SET SESSION AUTHORIZATION regress_priv_user1; => CREATE TABLE atest5 (one int, two int unique, three int, four int unique); => GRANT SELECT (one), INSERT (two), UPDATE (three) ON atest5 TO regress_priv_user2; => INSERT INTO atest5 VALUES (1,2,3); => SET SESSION AUTHORIZATION regress_priv_user2; => SELECT * FROM (atest5 a JOIN atest5 b USING (one)) j; one | two | three | four | two | three | four -----+-----+-------+------+-----+-------+------ 1 | 2 | 3 | | 2 | 3 | (1 row)
例のSQL文の場合、情報は取得できません。
[例]
=# CREATE USER regress_priv_user1; =# CREATE USER regress_priv_user2; =# SET SESSION AUTHORIZATION regress_priv_user1; => CREATE TABLE atest5 (one int, two int unique, three int, four int unique); => GRANT SELECT (one), INSERT (two), UPDATE (three) ON atest5 TO regress_priv_user2; => INSERT INTO atest5 VALUES (1,2,3); => SET SESSION AUTHORIZATION regress_priv_user2; => SELECT * FROM (atest5 a JOIN atest5 b USING (one)) j; ERROR: permission denied for table atest5
対処方法
ありません。
