| From: | Richard Huxton <dev(at)archonet(dot)com> |
|---|---|
| To: | Pluto <pluto(at)annoyance(dot)net> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Data access permission? |
| Date: | 2001-03-31 07:16:21 |
| Message-ID: | 3AC58443.C4A672E9@archonet.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Pluto wrote:
> Can PostgreSQL, MySQL or other database programs can allow some user to
> access some specific data while other data is prohibited to them in a
> same database? If so, how to implement that? For instance, a client can
Check the GRANT and REVOKE commands. This will give you table-level
access control.
> print last month's statement through the Internet by providing a
> password to him/her; this client can only check the data that belong to
> him/her, at the meantime, there is other clients' data in the same
> database. Thanks for your kind help!
If the data is in the same table, create two views (see CREATE VIEW) to
control what data can be seen. Grant permission to the view required and
revoke permissions on the underlying table.
You can of course also apply controls in your application, and it might
be an idea to do both (security in depth).
There's more in Bruce's book (link to the online version from
www.postgresql.org) and my notes at techdocs.postgresql.org
- Richard Huxton
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Oliver Elphick | 2001-03-31 07:59:15 | Re: pg_hba.conf and crypt/password |
| Previous Message | will trillich | 2001-03-31 06:17:46 | Re: function to operate on same fields, different records? |