| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Marc Munro <marc(at)bloodnok(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: row based security ... was Different views with same name |
| Date: | 2002-01-21 20:03:13 |
| Message-ID: | 200201212003.g0LK3D205083@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Marc Munro wrote:
> Harald wants to be able to show different users different subsets of
> data, and also give them different update permissions.
>
> This is also what I want to do with a PostrgeSQL implementation of
> Virtual Private Databases. Harald, you might want to check out some of
> Oracle's documentation on this to help soldify your own ideas. Google
> should be able to help. If not contact me and I'll see what I can find
> for you.
>
> Here is a quick view of what I want to achieve:
>
> Consider a table "t_x" to which we wish to control access according to
> the value of its "name" field, and the caller's access rights.
>
> We create a view "x" on this table as follows:
>
> create view x as
> select *
> from t_x
> where i_can_see(name);
>
> The access control is now placed firmly in the hands of the i_can_see()
> function which we can make as simple or complex as we like. And we can
> play similar tricks with update, insert and delete rules.
That is a fantastic trick.
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2002-01-21 20:19:20 | Re: row based security ... was Different views with same name for |
| Previous Message | Jason Earl | 2002-01-21 19:36:37 | Re: [HACKERS] PostgreSQL Licence: GNU/GPL |