| From: | Stephan Szabo <sszabo(at)megazone23(dot)bigpanda(dot)com> |
|---|---|
| To: | "Lars Preben S(dot) Arnesen" <l(dot)p(dot)arnesen(at)usit(dot)uio(dot)no> |
| Cc: | <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: User permissions |
| Date: | 2002-03-12 16:58:06 |
| Message-ID: | 20020312085435.P64813-100000@megazone23.bigpanda.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 12 Mar 2002, Lars Preben S. Arnesen wrote:
> I'm writing a web application to access a Postgres database. I want
> the application to use a user with limited permissions - it should
> only be able to execute predefined functions in the database.
>
> I have been searching for the Postgres-way of doing this, but I din't
> find any solution.
>
> I have designed functions with pl/pgsql which do alter, insert, select
> and delete in the database, but I don't want the database user to be
> able to perform these actions without using the predefined functions.
>
> How can I do this?
Well, I'm not sure you can using only pl/pgsql, but if you don't grant
access to any of the tables, I know that in C you can have functions run
queries as a different user. However I'm not sure how well that'll
work for things that you want to return result sets (you could make
temp tables that the user has access to for that I guess)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Lance Ellinghaus | 2002-03-12 17:12:29 | Exclusive Row access??? |
| Previous Message | Doug McNaught | 2002-03-12 16:50:23 | Re: cannot initdb |