| From: | "Arguile" <arguile(at)lucentstudios(dot)com> |
|---|---|
| To: | <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: grant the right to select only certain rows? |
| Date: | 2002-01-25 18:55:36 |
| Message-ID: | LLENKEMIODLDJNHBEFBOKENGEAAA.arguile@lucentstudios.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Fran Fabrizio writes:
>
>
> If I have a table students:
>
> name grade_level
> Joe 1
> Kim 1
> Lisa 2
> Mike 2
>
> And I have two database users, mary_smith and tom_white. If Mary Smith
> is the 1st grade teacher, is there any way to grant her access to only
> select rows where grade_level=1? I think GRANT only works as a
> table-wide permission, but a co-worker thinks he has seen similar
> behavior in Oracle, like
> "GRANT SELECT AS SELECT * FROM STUDENTS WHERE grade_level = 1
> ON students FOR USER mary_smith" (Rough approximation of the type of
> query I am looking for).
Not directly, Pg's ACL (Access Control Lists) only apply to full relations.
What you can do though is create a view and only grant her permission on
that view.
CREATE VIEW first_grade AS SELECT * FROM students WHERE grade_level = 1;
GRANT SELECT ON first_grade TO mary_smith;
So Mary doesn't have permissions to the "student" table, but she does have
permission to view the "first_grade" view. Not perfect by any stretch of the
imagination, but workable in many situations.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Elein | 2002-01-25 19:08:02 | Re: Yet another optimizer index choosing questions |
| Previous Message | Fran Fabrizio | 2002-01-25 18:37:29 | Re: grant the right to select only certain rows? |