| From: | Rafal Pietrak <rafal(at)zorro(dot)isa-geek(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Restricting access to rows? |
| Date: | 2006-05-26 06:30:50 |
| Message-ID: | 1148625051.20217.417.camel@model.home.waw.pl |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi,
Are there any plans to make CREATE USER local to a database? (as opposed
to CLUSTER scope, as it is today)
So that in such cases as Benjamin's, the ISP could satisfy customer
requests by createing and handing over the new database instance within
the managed cluster? Even with the unrestricted CREATE USER privileges?
-R
On Fri, 2006-05-26 at 07:39 +0200, Andreas Kretschmer wrote:
> Benjamin Smith <lists(at)benjamindsmith(dot)com> schrieb:
> > How can I set up a user so that Bob can update his records, without letting
> > Bob update Jane's records? Is it possible, say with a view or some other
> > intermediate data type?
>
> You can use a VIEW to select all rows for CURRENT_USER, and then create
> RULES for this view to do INSERT, UPDATE and DELETE.
>
> A nice framework for row-level access-control is 'veil':
> http://pgfoundry.org/projects/veil
>
>
> HTH, Andreas
--
-R
| From | Date | Subject | |
|---|---|---|---|
| Next Message | hubert depesz lubaczewski | 2006-05-26 07:00:31 | Re: Best practice to grant all privileges on all bjects in database? |
| Previous Message | Greg Stark | 2006-05-26 06:16:20 | Re: Restricting access to rows? |