| From: | Peter Wright <peter(at)wright-stuff(dot)com> |
|---|---|
| To: | pgsql-novice(at)lists(dot)postgresql(dot)org |
| Subject: | Restricting certain users from accessing PUBLIC resources |
| Date: | 2021-04-02 19:24:16 |
| Message-ID: | CAEAvph2VX4_k3=gHvepkDJJ8Y4-L2zcQid3Yr1eKwBVBrzePrg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
I develop solutions for a third-party accounting application that uses
PostgreSQL.
Those solutions often use an ODBC connection to the database.
The application design has given PUBLIC access to all the tables. I want
to create my own postgres users that only have access to certain tables. I
don't want to make changes to the settings of the applications native
tables.
I suspect it's not possible. I have tested the accounting application and
it still seems to function if I remove this PUBLIC access to certain
tables. The application creates its own user IDs for its own internal use
of the database.
If I can't solve this problem, then if I had a compelling reason why this
practice of giving PUBLIC access to all the data is inherently less secure,
they may make changes to this. Any documented 'best practices' that
addressed this would be helpful.
Peter
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Connah | 2021-04-06 16:52:21 | Return a table from a function |
| Previous Message | Simon Connah | 2021-04-01 10:12:20 | Re: Passing an argument to a trigger function using tg_argv |