Re: how to hide database objects from users, that don't have access to them

In response to Oleksandr Pryymak <public(at)inmind(dot)org>:
>
> Actually we've got a problem developing a DB with a lot of logic in it:
> Our database has couple different interfaces to other systems (made
> using views and procedures) and some interfaces need to be public or
> semi-public. Even if we grant all rights correctly, each user, that able
> to connect to the DB, has rights to view structures of all it components
> (procedures/views/tables..) even he has no kind of access rights to them (!)
>
> We've been little in trouble about, as far we can't open structure
> and especial plenty a lot of logic inside in procedures (mainly written
> in pgsql) to all users, as far we can't trust them.
>
> If there any workaround to fix this and provide different users
> interfaces to DB showing only objects, they have access to?
>
>
>
> really would be grateful for help, as far we notice this hidden
> trouble to late to change project design.

I don't have a _good_ answer for you, but since it seems nobody else does
either (although it could just be the mail server being slow).

You could rewrite functionality that you must keep hidden in C or C++
stored procedures. Since they're compiled, users won't have access to
their logic. It'll require a lot of work to rewrite, but perhaps you
could pick only the most critical parts to rewrite?

As I said, not a _good_ answer, but hopefully helpful.

--
Bill Moran
Collaborative Fusion Inc.