| From: | Sam Mason <sam(at)samason(dot)me(dot)uk> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Defining roles |
| Date: | 2009-10-27 11:09:54 |
| Message-ID: | 20091027110954.GI5407@samason.me.uk |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Mon, Oct 26, 2009 at 10:32:05AM -0500, Michael Gould wrote:
> In our system we have a hybrid security system.
[...]
> Trying to maintain the database
> to match the application security would become cumbersome for our customers.
Have you looked at using functions protected by "security definer"? I
tend to use these a lot when I want to enforce any remotely complicated
security properties. The functions can go away and check whatever
properties you want and allowing you to have a parallel set of checks
going on to the stuff directly supported by PG.
--
Sam http://samason.me.uk/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Denis BUCHER | 2009-10-27 11:28:53 | Invalid Page Header Error |
| Previous Message | Richard Huxton | 2009-10-27 10:54:06 | Re: design, ref integrity and performance |