From: | Jim Nasby <Jim(dot)Nasby(at)BlueTreble(dot)com> |
---|---|
To: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, John McKown <john(dot)archie(dot)mckown(at)gmail(dot)com>, PostgreSQL General <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: New column modifier? |
Date: | 2015-04-29 22:56:54 |
Message-ID: | 554161B6.6060108@BlueTreble.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 4/29/15 1:05 PM, Joshua D. Drake wrote:
>>
>> [ discussion about read-only columns ]
>
> See here
>
> GRANT { { SELECT | INSERT | UPDATE | REFERENCES } ( column_name [, ...] )
What I don't like about relying on GRANT is that the table owner gets to
bypass all that, as does a superuser. So when I'm serious about an
operation (insert, update or delete) not happening on something, I put a
trigger in place. Obviously a table owner or SU can always disable that,
but they can't do it accidentally. I would love the ability to restrict
operations both at a table and a column level.
BTW, John, you mentioned RULEs elsewhere... be very careful about using
those. They're incredibly easy to get wrong and generally not worth the
trouble.
--
Jim Nasby, Data Architect, Blue Treble Consulting
Data in Trouble? Get it in Treble! http://BlueTreble.com
From | Date | Subject | |
---|---|---|---|
Next Message | Alex Gregory | 2015-04-29 23:01:27 | Re: PostgreSQL HA config recommendations |
Previous Message | Jim Nasby | 2015-04-29 22:50:55 | Re: newsfeed type query |