Defining roles

From: Michael Gould <mgould(at)intermodalsoftwaresolutions(dot)net>
To: pgsql-general(at)postgresql(dot)org
Subject: Defining roles
Date: 2009-10-26 15:32:05
Message-ID: 9375134c9496ea4f39b876becc262ac2@intermodalsoftwaresolutions.net
Lists: pgsql-general

In our system we have a hybrid security system. We have tables that I want
to make sure that based on membership in a group that update and/or delete
is not allowed to a specific group. We also have application level security
which is much more granular and is much more job function based. Our
application is a transportation application, so a user might have insert,
update and delete in order entry but a dispatcher would not have the ability
to delete an order, they must cancel it with a reason code. These would both
be part of the same ROLE in the database. Trying to maintain the database
to match the application security would become cumbersome for our customers.

Now for the question, if I specifically revoke an update or delete on a per
table basis for a role do I still have to specifically define what security
attributes they have access on? If this doesn't work, would I give access to
the schema and then just specifically revoke the update or delete
functionality for just the tables I'm looking to protect?

Best Regards

Mike Gould
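
An added example, not part of the original message: a script showing how PostgreSQL table privileges behave for the scheme asked about, with an audit query over the result. The schema `ops`, the tables `orders` and `rate_table`, and the roles `dispatch_staff` and `alice` are hypothetical names; run it in a scratch database as a superuser.

```sql
-- Constructed schema, tables and roles (all names hypothetical).
-- Everything runs inside one transaction and is rolled back at the end.
BEGIN;

CREATE SCHEMA ops;
CREATE TABLE ops.orders     (id integer PRIMARY KEY, status text, cancel_reason text);
CREATE TABLE ops.rate_table (id integer PRIMARY KEY, rate numeric);

CREATE ROLE dispatch_staff NOLOGIN;               -- group role
CREATE ROLE alice LOGIN IN ROLE dispatch_staff;   -- member, inherits the group's privileges

-- USAGE on a schema only lets members reference objects inside it;
-- it confers no privileges on the tables themselves.
GRANT USAGE ON SCHEMA ops TO dispatch_staff;

-- Privileges are additive and start out empty for non-owners, so every table
-- needs an explicit GRANT. To protect a table, leave UPDATE and DELETE out of
-- its GRANT rather than granting broadly and revoking afterwards.
GRANT SELECT, INSERT, UPDATE, DELETE ON ops.orders     TO dispatch_staff;
GRANT SELECT, INSERT                 ON ops.rate_table TO dispatch_staff;

-- REVOKE is not a deny rule: it removes only what was granted to the named
-- role. A privilege that reaches the user another way (here a stray grant to
-- PUBLIC, simulated for the demonstration) stays in effect.
GRANT  DELETE ON ops.rate_table TO PUBLIC;
REVOKE DELETE ON ops.rate_table FROM dispatch_staff;

-- Audit the effective privileges, including those inherited through group
-- membership and PUBLIC. DELETE on ops.rate_table is still allowed here.
SELECT t.tbl, p.priv,
       has_table_privilege('alice'::name, t.tbl, p.priv) AS allowed
FROM (VALUES ('ops.orders'), ('ops.rate_table')) AS t(tbl)
CROSS JOIN (VALUES ('SELECT'), ('INSERT'), ('UPDATE'), ('DELETE')) AS p(priv)
ORDER BY t.tbl, p.priv;

-- Removing the grant at its source is what actually closes the path.
REVOKE DELETE ON ops.rate_table FROM PUBLIC;
SELECT has_table_privilege('alice'::name, 'ops.rate_table', 'DELETE') AS allowed;

ROLLBACK;
```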
