From: | Marvin McNett <mmcnett(at)cs(dot)ucsd(dot)edu> |
---|---|
To: | Bruno Wolff III <bruno(at)wolff(dot)to> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: insert through function only |
Date: | 2004-05-03 22:47:27 |
Message-ID: | 4096CBFF.7080400@cs.ucsd.edu |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Thanks Bruno,
This is exactly what I needed to know.
Cordially,
Marvin
Bruno Wolff III wrote:
> On Mon, May 03, 2004 at 15:12:00 -0700,
> Marvin McNett <mmcnett(at)cs(dot)ucsd(dot)edu> wrote:
>
>>How do I go about ensuring that data is only added to a table through a
>>function? I've tried granting execute persission on the function which
>>inserts data, but can't get it to work unless the user also has insert
>>permission on the table. I don't want the user to be able to
>>arbitrarily insert data.
>
>
> You need to use SECURITY DEFINER so that the function runs with the
> access of its definer instead of its invoker.
From | Date | Subject | |
---|---|---|---|
Next Message | Alvaro Herrera | 2004-05-03 23:01:02 | Re: insert through function only |
Previous Message | Bruno Wolff III | 2004-05-03 22:39:37 | Re: insert through function only |