| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Jayadevan M <maymala(dot)jayadevan(at)gmail(dot)com> |
| Cc: | intmail01(at)gmail(dot)com, pgsql-sql(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Hide some tables |
| Date: | 2021-08-09 13:45:57 |
| Message-ID: | 3360703.1628516757@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
Jayadevan M <maymala(dot)jayadevan(at)gmail(dot)com> writes:
> There are some operators who enters data in my database with just one
>> table. Others tables are updated by triggers, these tables contains
>> result of calculation. How to do to hide these tables because I do not
>> want that operators read them ? On help documentation it is said that I
>> can not block SELECT privilege because it is required for UPDATE.
>>
> Can you move them to a different schema, and manage using search_path?
The thing to use is privileges. Make the tables-that-should-be-hidden
owned by a different SQL role, and don't give select privilege on them
to the data entry role. The triggers can be (or call) SECURITY DEFINER
functions owned by the first role, giving them access that the data entry
role does not have.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | intmail01@gmail.com | 2021-08-09 17:48:56 | Re: Hide some tables |
| Previous Message | Jayadevan M | 2021-08-09 13:39:47 | Re: Hide some tables |