From: | Carlos Moreno <moreno_pg(at)mochima(dot)com> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Restricting user access to an absolute minimum? |
Date: | 2007-09-24 19:17:21 |
Message-ID: | 46F80D41.7070703@mochima.com |
Lists: | pgsql-general |

Hi,

I'm trying to give access to *some* data to a third-party user.
I want to create a view with a choice of columns and a reduced
set of rows (via a where clause as part of the view definition), and
give this user access to that *and only that* --- where the "and
only that" goes in the most strict sense possible!

The thing is, I create a test user; I log in as that user to the "main"
database (with psql), I type \d and I see the list of tables.
Perhaps much worse, I do \d some_table or \d vw_some_view and
I see the definition for any arbitrary table or view.

How can I avoid all that? That is, I would like the user to be able
to do *exclusively* "select * from vw_xxxx" and see the data that
results from that query.

I tried logging in as superuser and did:

    revoke all on schema public from new_user;
    revoke all on pg_tables from new_user;
    revoke all on pg_views from new_user;

and another half dozen or so, but still the user is able to view
whatever it wants to view (not the data, of course --- if I do
"select * from some_table" then of course, I get access denied).

There must be solutions to this, right? Any tips appreciated!!

Thanks,

Carlos
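
One way to set up the view-only access described in the message above, as an added example that is not part of the original post. It assumes PostgreSQL 9.2 or later; the `partner` schema, the `app_role` role, the column names and the row filter are hypothetical.

```sql
-- Added example. Run as the owner of some_table (or as a superuser).
-- Hypothetical names: partner, app_role, id/name/status, shared_with_partner.

-- REVOKE ... FROM new_user removes only privileges granted to new_user
-- itself. Privileges that reach the role through PUBLIC are untouched,
-- so revoke them from PUBLIC and grant them back to the roles that need them.
REVOKE ALL ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO app_role;   -- existing application role (assumed)

-- Dedicated schema that holds only what the third party may query.
CREATE SCHEMA partner;

-- security_barrier keeps user-supplied functions from being evaluated
-- ahead of the view's WHERE clause, which could expose filtered-out rows.
CREATE VIEW partner.vw_xxxx WITH (security_barrier) AS
    SELECT id, name, status                 -- assumed column choice
    FROM public.some_table
    WHERE shared_with_partner;              -- assumed boolean row filter

-- The view reads some_table with the view owner's privileges, so the
-- third-party role needs no privilege on the table or on schema public.
GRANT USAGE ON SCHEMA partner TO new_user;
GRANT SELECT ON partner.vw_xxxx TO new_user;
ALTER ROLE new_user SET search_path = partner;

-- Confirm the effective privileges of new_user after the changes.
SELECT has_table_privilege('new_user', 'partner.vw_xxxx', 'SELECT')   AS can_read_view,
       has_table_privilege('new_user', 'public.some_table', 'SELECT') AS can_read_table,
       has_schema_privilege('new_user', 'public', 'USAGE')            AS can_use_public;
```

PostgreSQL's system catalogs remain readable by every role, so object names and definitions can still be looked up in pg_catalog; the grants above limit data access, not metadata visibility.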