| From: | Andreas Pflug <pgadmin(at)pse-consulting(dot)de> |
|---|---|
| To: | Gaetano Mendola <mendola(at)bigfoot(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: problem permission on view |
| Date: | 2004-09-17 22:06:11 |
| Message-ID: | 414B5FD3.7090001@pse-consulting.de |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Gaetano Mendola wrote:
> I'd like to fix this by myself but for lack of time and lack of postgres
> code knowledge I'm stuck.
What you want is
CREATE VIEW foo AS
SELECT p1, p2, bar('theValidParameter') as p3
FROM othertab;
GRANT ALL ON TABLE foo TO public;
and don't want to grant execute on bar() to public.
What you could do is creating an intermediate function like this:
CREATE FUNCTION interfoo() RETURNS SETOF record AS
$q$
SELECT p1, p2, bar('theValidParameter') as p3
FROM othertab;
$q$ LANGUAGE SQL SECURITY DEFINER;
GRANT EXECUTE ON FUNCTION interfoo() TO public;
CREATE VIEW foo AS
SELECT f.p1, f.p2, f.p3 FROM interfoo() f(a text, b text, c text);
GRANT ALL ON TABLE foo TO public;
Regards,
Andreas
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2004-09-17 22:11:06 | New config.guess and config.sub |
| Previous Message | Tom Lane | 2004-09-17 21:51:43 | Re: R-Tree operators |