Re: access to execute function without access to it content

From: Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>
To: Aleksandr Peshcherskikh <aleksandr(dot)peshcherskikh(at)gmail(dot)com>
Cc: pgadmin-support(at)postgresql(dot)org
Subject: Re: access to execute function without access to it content
Date: 2009-07-15 04:22:15
Message-ID: 162867790907142122m6a4b4a40i2563da28a0b8c88@mail.gmail.com
Lists: pgadmin-support

Hello

PostgreSQL doesn't run procedures with owner rights, but with caller
rights. If you would like to change this behavior, then you have to set
the SECURITY DEFINER flag for the procedure.

regards
Pavel Stehule

2009/7/14 Aleksandr Peshcherskikh <aleksandr(dot)peshcherskikh(at)gmail(dot)com>:
> Hello support team!
> I wanna do the next trick. Create a user and deny him access to tables but
> allow him to execute stored procedures which reference the denied data.
> It's a very ordinary use case. But I don't know how to do it in PostgreSQL (if
> it is possible, of course).
> I tried the following way.
> 1. create database test (for owner postgres)
> 2. create table test (for owner postgres)
> 3. create function trytest with simple body "perform * from test;" (for
> owner postgres)
> 4. create user test;
> 5. grant execute trytest to test
> 6. revoke select on test from test
> Now if I try to execute "trytest" as user "test", it returns the error
> "access denied to table test"
> What am I doing wrong?
> Is there any way to do what I want?
> Regards, Aleksandr.
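
The setup from this thread with the SECURITY DEFINER flag applied, as an added example that is not part of either message. The `payload` column, the `bigint` return value, the pinned `search_path` and the revoke from PUBLIC are assumptions added here; the object names `test` and `trytest` come from the question.

```sql
-- Run as the table owner (postgres in the thread's steps).
CREATE TABLE public.test (id integer PRIMARY KEY, payload text);
INSERT INTO public.test VALUES (1, 'constructed sample row');

-- Restricted role, named as in the thread. It gets no table privileges.
CREATE ROLE test LOGIN;
REVOKE ALL ON TABLE public.test FROM PUBLIC, test;

-- SECURITY DEFINER makes the body run with the privileges of the
-- function owner instead of the caller (the default, SECURITY INVOKER,
-- is what produced the permission error in the question).
CREATE FUNCTION public.trytest() RETURNS bigint
LANGUAGE plpgsql
SECURITY DEFINER
-- Pin the search path so the caller cannot make the owner-privileged
-- body resolve names to objects in a schema the caller controls.
SET search_path = pg_catalog, pg_temp
AS $$
DECLARE
    n bigint;
BEGIN
    -- Schema-qualified on purpose: public is not on the pinned path.
    SELECT count(*) INTO n FROM public.test;
    RETURN n;
END;
$$;

-- New functions are executable by PUBLIC by default, so remove that
-- grant and hand EXECUTE only to the intended role.
REVOKE ALL ON FUNCTION public.trytest() FROM PUBLIC;
GRANT EXECUTE ON FUNCTION public.trytest() TO test;

-- Verify as the restricted role: the function call is permitted through
-- EXECUTE, while the direct SELECT is rejected with a permission error.
SET ROLE test;
SELECT public.trytest();
SELECT * FROM public.test;
RESET ROLE;

-- Audit: list every SECURITY DEFINER function and whether it pins
-- any per-function settings (proconfig is NULL when it does not).
SELECT n.nspname, p.proname, p.proconfig
FROM pg_catalog.pg_proc p
JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace
WHERE p.prosecdef;
```

Everything the function body can reach is effectively granted to whoever holds EXECUTE, so keep the body narrow and return only what the caller is meant to see.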
