| From: | Shawn Harrison <harrison(at)tbc(dot)net> |
|---|---|
| To: | PgSQL General List <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Allowing update of column only from trigger |
| Date: | 2005-01-31 18:35:35 |
| Message-ID: | 41FE7A77.9010807@tbc.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Andrey V. Semyonov wrote [01/29/05 12:45 PM]:
> isn't it possible to restrict UPDATE by access rights based on the DB's
> user?
>
> Create table with owner set to the administrator of the database (NOT
> PostgreSQL SERVER!!!) and grant only the needed rights (or none of them)
> to the user from which the usual processing of the database will be
> performed. Then, create a trigger function with SECURITY DEFINER set and
> own it by the owner of the database (or other user, who's granted to
> UPDATE the table). So, if no one else is granted UPDATE on the table,
> the only UPDATE-modifiers of the table will be the owner and the trigger
> function's owner (if differs from owner).
Thank you for explaining this. I haven't done much with rights within
the database, but it seems you have explained how to do exactly what I
had been considering as the "rights"-oriented solution to my problem.
> Best regards,
> Andrey V. Semyonov
Take care,
Shawn Harrison
--
________________
harrison(at)tbc(dot)net
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sven Willenberger | 2005-01-31 18:49:44 | Re: Dereferencing a 2-dimensional array in plpgsql |
| Previous Message | Shawn Harrison | 2005-01-31 18:33:50 | Re: Allowing update of column only from trigger |