From: | Bryce Nesbitt <bryce1(at)obviously(dot)com> |
---|---|
To: | pgsql-sql(at)postgresql(dot)org |
Subject: | Re: Proposed archival read only trigger on rows - prevent history modification |
Date: | 2008-02-12 08:30:32 |
Message-ID: | 47B15928.40501@obviously.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-sql |
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
(because our legacy application, which won't change, is using the
underlying tables. We can't do step #5).<br>
<br>
Bryce Nesbitt wrote:
<blockquote cite="mid:47B1580A(dot)7050703(at)obviously(dot)com" type="cite">
<pre wrap="">Yes, the view approach has some advantages. But it still leaves the
underlying tables naked to modification.
And since the most likely error is... well... me (or another admin) at
the SQL prompt, we want underlying tables protected also.
chester c young wrote:
</pre>
<blockquote type="cite">
<pre wrap="">instead of triggers I use update-able views and permissions.
1. all dml goes through the view
2. use rules on the view to do dml to the table
3. in rules prevent updating all/any columns when whatever
4. grant dml to view to your pgconnect user
5. revoke dml from table to your pgconnect user
imho another instance where rules rule. for example, you can easily
fit logging into the same view.
</pre>
</blockquote>
<pre wrap=""><!---->
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="100">--
----
Visit <a class="moz-txt-link-freetext" href="http://www.obviously.com/">http://www.obviously.com/</a>
</pre>
</body>
</html>
Attachment | Content-Type | Size |
---|---|---|
unknown_filename | text/html | 1.3 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Richard Huxton | 2008-02-12 08:32:55 | Re: Backward compatibility psql 8.1 to 8.2 |
Previous Message | Bryce Nesbitt | 2008-02-12 08:25:46 | Re: Proposed archival read only trigger on rows - prevent history modification |