| From: | Marvin McNett <mmcnett(at)cs(dot)ucsd(dot)edu> |
|---|---|
| To: | Bruno Wolff III <bruno(at)wolff(dot)to> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: insert through function only |
| Date: | 2004-05-03 22:47:27 |
| Message-ID: | 4096CBFF.7080400@cs.ucsd.edu |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Thanks Bruno,
This is exactly what I needed to know.
Cordially,
Marvin
Bruno Wolff III wrote:
> On Mon, May 03, 2004 at 15:12:00 -0700,
> Marvin McNett <mmcnett(at)cs(dot)ucsd(dot)edu> wrote:
>
>>How do I go about ensuring that data is only added to a table through a
>>function? I've tried granting execute persission on the function which
>>inserts data, but can't get it to work unless the user also has insert
>>permission on the table. I don't want the user to be able to
>>arbitrarily insert data.
>
>
> You need to use SECURITY DEFINER so that the function runs with the
> access of its definer instead of its invoker.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2004-05-03 23:01:02 | Re: insert through function only |
| Previous Message | Bruno Wolff III | 2004-05-03 22:39:37 | Re: insert through function only |