From: Andreas Kretschmer <akretschmer(at)spamfence(dot)net>
To: pgsql-general(at)postgresql(dot)org
Subject: [9.5] question about row level security
Date: 2015-07-15 07:55:29
Message-ID: 20150715075529.GA15156@tux
Lists: pgsql-general

Hello @ll,

How can I define a policy to prevent updating a single field but enable
updating other fields in a row?

For instance, a staff member table. The boss should be able to change
all fields but not a specific field in all rows, but should be able to
update this field for his own row.

 id | name | boss | col1 | col_privat
----+------+------+------+-------------
  1 | boss | boss |   10 | boss privat
  2 | joe  | boss |   20 | joe privat
  3 | sue  | boss |   30 | sue privat

Boss should be able to edit all except col_privat for id=2 and 3,
but he should be able to update this column for id=1.
Therefore I can't revoke the update-priv for this column.

create policy enable_boss on <table> for update using
(boss=current_user) with check (???)
Is there a way to access old.* and new.* like within a trigger?
(something like with check(old.col_privat=new.col_privat))
Andreas
--
Really, I'm not out to destroy Microsoft. That will just be a completely
unintentional side effect. (Linus Torvalds)
"If I was god, I would recompile penguin with --enable-fly." (unknown)
Kaufbach, Saxony, Germany, Europe. N 51.05082°, E 13.56889°