| From: | Kathy Smith <ksmith(at)lanl(dot)gov> |
|---|---|
| To: | pgsql-interfaces(at)postgresql(dot)org |
| Cc: | clittle(at)lanl(dot)gov |
| Subject: | Execute access on functions |
| Date: | 2005-03-23 19:35:12 |
| Message-ID: | 6.0.3.0.2.20050323105558.02b80ff8@nis-mail.lanl.gov |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-interfaces |
I want to control access (update, delete) to my tables and have done that
with other DBMSs using stored procedures. Besides performance, I believe
that's one of the primary advantages of stored procedures. I grant execute
on the procedure to a group containing the users with controlled update
access. Never on the table. I cannot seem to find the equivalent in
postgres. I had hoped to be able to do this with user-defined functions
but the following statement implies that if the SECURITY DEFINER is used,
that *anyone* who can get to that function can execute it. Hardly the
solution I am looking for. The alternative being that I must grant update
to the table :(
The CREATE FUNCTION clause SECURITY DEFINER makes the function run with the
privileges of the user who created it. Otherwise, the INVOKER's privileges
are used.
Am I missing something here? Is there another way?
Thanks,
Kathy
*******************************
Kathryn K Smith
Los Alamos National Laboratory
505-699-9330
505-665-0505
The gentlest thing in the world overcomes the hardest thing in the
world. --Tao Te Ching
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruno Wolff III | 2005-03-23 20:10:16 | Re: Execute access on functions |
| Previous Message | Murray Cumming | 2005-03-21 21:17:12 | Re: per-database groups? (was Discovering privileges) |