From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "Jean-Yves F(dot) Barbier" <12ukwn(at)gmail(dot)com> |
Cc: | pgsql-novice(at)postgresql(dot)org |
Subject: | Re: view and column rights |
Date: | 2010-06-27 14:51:07 |
Message-ID: | 10461.1277650267@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-novice |
"Jean-Yves F. Barbier" <12ukwn(at)gmail(dot)com> writes:
> I read a lot about DBs and some specialists say that I must not give
> direct data (table) access to users but always through a view.
I don't believe that idea is meant to offer added security. What it is
said to be good for is isolating your applications from future changes
in the definition of the underlying table. I think its actual
usefulness for that is pretty limited, though.
Because PG lacks automatically-updatable views, it's difficult to
recommend this approach except for cases where the users need only
read-only access. Otherwise you're going to be trying to rely on
rules to handle update cases, and you'll be in for a world of pain.
The rule mechanism is full of gotchas.
Personally I'd skip the insulating-view idea in nearly all cases.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Atif Jung | 2010-06-28 11:27:01 | DECLARE CURSOR |
Previous Message | Tom Lane | 2010-06-27 14:38:03 | Re: escape |