| From: | Bear Giles <bgiles(at)coyotesong(dot)com> |
|---|---|
| To: | chris <chrisk(at)pgsqlrocket(dot)com> |
| Cc: | "pgsql-admin(at)lists(dot)postgresql(dot)org" <pgsql-admin(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: audit table with permissions |
| Date: | 2018-02-28 22:42:31 |
| Message-ID: | CALBNtw4=c4Y0=AajNXfNEz8+iXr774YoNJO-=cWPGqRSOMj2gQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Wed, Feb 28, 2018 at 2:12 PM, chris <chrisk(at)pgsqlrocket(dot)com> wrote:
> I created functions and a trigger to audit tables on my database but I
> have a problem with permissions on the functions and function schema I
> created. I can grant permissions to the current user of the original table
> being audited but I need a way to automate grants and revokes made to the
> original table so that any time those change in the future I don't have to
> worry about updating permissions or leaving a hole in security by granting
> all users full permissions to the functions and function schema.
>
> From my understanding event triggers can't be set the grant/revoke only
> create, alter or drop.
>
> Any input would really help me, I'm very fresh to writing functions and
> triggers.
>
> Thanks,
>
> Chris
>
What about 'create function ... security definer'? That will run the
function with the permissions of the person who defined the function, not
the person who executes the function ('security invoker'). You still have
to worry about changing permissions on the table but only have to worry
about how they impact the user that created the function.
Bear
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2018-02-28 22:56:43 | Re: postgresql 9.6 - cannot freeze committed xmax |
| Previous Message | Alexandre Garcia | 2018-02-28 21:57:12 | Re: postgresql 9.6 - cannot freeze committed xmax |