| From: | Klint Gore <kgore4(at)une(dot)edu(dot)au> |
|---|---|
| To: | Andreas <maps(dot)on(at)gmx(dot)net> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: How restrict select on a view ? |
| Date: | 2008-12-16 02:38:52 |
| Message-ID: | 494714BC.6020006@une.edu.au |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Andreas wrote:
> I'd like to have a view only to be used by certain users.
> The tables are public.
>
> Can this only be done by restricting access to the tables?
>
GRANT/REVOKE works on views
revoke all on aview from public;
grant select on aview to user1;
As Raymond pointed out, if user2 knows what the definition of aview is,
they can just run it against the raw tables.
e.g.
create view aview as select * from pg_proc;
revoke all on aview from public;
grant select on aview to user1;
set session authorization user2;
select * from aview; -- fails
select * from pg_proc; -- works and gives the same result
klint.
--
Klint Gore
Database Manager
Sheep CRC
A.G.B.U.
University of New England
Armidale NSW 2350
Ph: 02 6773 3789
Fax: 02 6773 3266
EMail: kgore4(at)une(dot)edu(dot)au
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sebastian Böhm | 2008-12-16 03:02:09 | Re: tup_returned/ tup_fetched |
| Previous Message | Adrian Klaver | 2008-12-16 02:31:11 | Re: Create Language Error |