Re: Access management for DB project.

From: Adam Witney <awitney(at)sgul(dot)ac(dot)uk>
To: Bohdan Linda <bohdan(dot)linda(at)seznam(dot)cz>, pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject: Re: Access management for DB project.
Date: 2005-09-08 10:17:05
Message-ID: BF45CE31.4C839%awitney@sgul.ac.uk
Lists: pgsql-general

On 8/9/05 11:08 am, "Bohdan Linda" <bohdan(dot)linda(at)seznam(dot)cz> wrote:

>
> Hi,
>
> I started thinking of some security access management. Basically imagine
> this scenario according to users:
>
> 1) Writer does only inserts to black hole.
>
> 2) Reader does only reports on inserted data, cannot modify or add
> anything
>
> 3) Maintainer can run a task on the data, but cannot read or add anything.
> The task has to have read/write access to the tables.
>
> The first 2 types are easily solvable, but with the third type I have
> a problem. I have created a task in plpgsql, I granted permissions to a user
> to execute the task, but revoked from him all rights to tables. Logically
> the task failed.

You could create the function with SECURITY DEFINER, that way the function
will have the permissions of the user that creates it as opposed to the user
that runs it.

CREATE FUNCTION my_func(int) RETURNS int SECURITY DEFINER AS '.....

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
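
A worked version of the SECURITY DEFINER suggestion for the three roles in the question, added here as an example and not code from either poster. The role, table and function names are hypothetical, and it assumes a current PostgreSQL release (dollar quoting, per-function `SET search_path`) and a superuser session in a scratch database.

```sql
-- Added example; every role, table and function name here is hypothetical.
BEGIN;

CREATE ROLE task_owner NOLOGIN;   -- owns the table and the task, never logs in
CREATE ROLE writer     NOLOGIN;
CREATE ROLE reader     NOLOGIN;
CREATE ROLE maintainer NOLOGIN;

CREATE TABLE public.events (
    payload text        NOT NULL,
    created timestamptz NOT NULL DEFAULT now()
);
ALTER TABLE public.events OWNER TO task_owner;

REVOKE ALL ON public.events FROM PUBLIC;
GRANT INSERT ON public.events TO writer;   -- 1) inserts only
GRANT SELECT ON public.events TO reader;   -- 2) reports only
-- 3) maintainer receives no table privileges at all

-- The task runs with the privileges of its owner, not of its caller.
-- search_path is pinned and the table is schema-qualified so a caller
-- cannot substitute their own objects for the ones the task uses.
CREATE FUNCTION public.purge_old_events(keep interval) RETURNS bigint
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$
DECLARE
    removed bigint;
BEGIN
    DELETE FROM public.events WHERE created < now() - keep;
    GET DIAGNOSTICS removed = ROW_COUNT;
    RETURN removed;   -- the caller learns a count, never the rows
END;
$$;
ALTER FUNCTION public.purge_old_events(interval) OWNER TO task_owner;

-- Functions are executable by PUBLIC by default; narrow that in the same
-- transaction so the function is never visible with the default grant.
REVOKE EXECUTE ON FUNCTION public.purge_old_events(interval) FROM PUBLIC;
GRANT  EXECUTE ON FUNCTION public.purge_old_events(interval) TO maintainer;

SET ROLE maintainer;
SELECT public.purge_old_events(interval '30 days');  -- allowed: runs as task_owner
-- SELECT * FROM public.events;  -- would fail: permission denied for table events
RESET ROLE;

ROLLBACK;  -- demo only: discards the roles, table and function
```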
