| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | Michal Taborsky <michal(at)taborsky(dot)cz> |
| Cc: | Doug McNaught <doug(at)mcnaught(dot)org>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Row-level security--is it possible? |
| Date: | 2004-07-02 17:06:24 |
| Message-ID: | 20040702170624.GA30978@wolff.to |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Fri, Jul 02, 2004 at 17:32:07 +0200,
Michal Taborsky <michal(at)taborsky(dot)cz> wrote:
> Doug McNaught wrote:
> >But why not create a "products_restricted" view that uses the
> >CURRENT_USER function to see who's running it?
> >
> >CREATE VIEW products_restricted AS
> >SELECT * FROM products WHERE Producer_ID = get_producer_id(CURRENT_USER);
> >
> >[CURRENT_USER returns a string, so you would need to map it to your
> >producer_id somehow.]
>
> This would work only for this case (limiting single producer to one
> user). But we want to have a bit more flexible system, so we'd be able
> define the restrictions freely (like "only producers 1 and 5 and price
> less than 100"). I'm sorry I did not mention this.
Then you can create a group table matching up producers and authorized users.
The view should join the base table with the group table on producer and
limit the results to users matching the "current_user". With appropiate
indexes this should be fast.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mike Rylander | 2004-07-02 17:10:11 | Re: Row-level security--is it possible? |
| Previous Message | joseph speigle | 2004-07-02 16:55:20 | Re: How to add an userA to login postgresadmin |