| From: | Gerardo Herzig <gherzig(at)fmed(dot)uba(dot)ar> |
|---|---|
| To: | Alvin D?az <alvin(dot)rd(at)live(dot)com> |
| Cc: | pgsql-sql(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Access to table only through functions |
| Date: | 2018-05-07 01:14:25 |
| Message-ID: | 1639829908.381388.1525655665344.JavaMail.zimbra@fmed.uba.ar |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
----- Mensaje original -----
> De: "Alvin D?az" <alvin(dot)rd(at)live(dot)com>
> Para: pgsql-sql(at)lists(dot)postgresql(dot)org
> Enviados: Domingo, 6 de Mayo 2018 19:51:09
> Asunto: Access to table only through functions
> I am working in a software but I am using and approach in which business logic
> is in the database this way programmers only have to worry about what functions
> they have to call to perform some action or wich view query to get certain data
> but for this work perfectly I need to prevent developers to realize direct CRUD
> operations against the tables so is there a way that I could just allow a db
> user have permission to execute functions but not to perform actions on tables
>
> Example:
>
> 1- table_user(id int, name text)
> 2- function_save_user(id int, name int).......
>
> You can insert using the function but not writing direct insert statement.
>
What you want is the "security definer" option when create functions. See
https://www.postgresql.org/docs/current/static/sql-createfunction.html
HTH
Gerardo
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvin D?az | 2018-05-07 01:56:07 | Re: Access to table only through functions |
| Previous Message | Alvin D?az | 2018-05-06 22:51:09 | Access to table only through functions |