Restricting user access to an absolute minimum?

From: Carlos Moreno <moreno_pg(at)mochima(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Restricting user access to an absolute minimum?
Date: 2007-09-24 19:17:21
Message-ID: 46F80D41.7070703@mochima.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general


Hi,

I'm trying to give access to *some* data to a third-party user.

I want to create a view with a choice of columns and a reduced
set of rows (via a where clause as part of the view definition), and
give this user access to that *and only that* --- where the "and
only that" goes in the most strict sense possible!

The thing is, I create a test user; I log in as that user to the "main"
database (with psql), I type \d and I see the list of tables.

Perhaps much worse, I do \d some_table or \d vw_some_view and
I see the definition for any arbitrary table or view.

How can I avoid all that? That is, I would like the user to be able
to do *exclusively* "select * from vw_xxxx" and see the data that
results from that query.

I tried logging in as superuser and did:

revoke all on schema public from new_user;
revoke all on pg_tables from new_user;
revoke all on pg_views from new_user;

and another half dozen or so, but still the user is able to view
whatever it wants to view (not the data, of course --- if I do
"select * from some_table" then of course, I get access denied).

There must be solutions to this, right? Any tips appreciated!!

Thanks,

Carlos
--

Browse pgsql-general by date

  From Date Subject
Next Message Dawid Kuroczko 2007-09-24 19:28:29 Re: DELETE FROM pg_class
Previous Message Ardian Xharra 2007-09-24 19:08:27 Re: Why the ERROR: duplicate key violates unique constraint "master_pkey" is raised? - Is this a Bug?