From: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
---|---|
To: | "Roberts, Jon" <Jon(dot)Roberts(at)asurion(dot)com> |
Cc: | "'Kris Jurka'" <books(at)ejurka(dot)com>, Merlin Moncure <mmoncure(at)gmail(dot)com>, "Jonah H(dot) Harris" <jonah(dot)harris(at)gmail(dot)com>, Bill Moran <wmoran(at)collaborativefusion(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, pgsql-performance(at)postgresql(dot)org |
Subject: | Re: viewing source code |
Date: | 2007-12-18 18:52:23 |
Message-ID: | 20071218185223.GD8088@alvh.no-ip.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-performance |
Roberts, Jon escribió:
> So you are saying I need to create a view per user to achieve this? That
> isn't practical for an enterprise level database.
No -- that would be quite impractical indeed. I'm talking about
something like
revoke all privileges on pg_proc from public;
create view limited_pg_proc
as select * from pg_proc
where proowner = (select oid from pg_authid where rolname = current_user);
grant select on limited_pg_proc to public;
Of course, it is only a rough sketch. It needs to be improved in a
number of ways. But it shows that even with pure SQL the solution is
not far; with backend changes it is certainly doable (for example invent
a separate "view source" privilege for functions).
--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.
From | Date | Subject | |
---|---|---|---|
Next Message | Joshua D. Drake | 2007-12-18 18:52:49 | Re: viewing source code |
Previous Message | Richard Huxton | 2007-12-18 18:50:36 | Re: viewing source code |