| From: | greg(at)turnstep(dot)com |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Cc: | thomharp(at)charter(dot)net |
| Subject: | Re: How to prevent users from doing manually what my trigger should do for them? |
| Date: | 2003-03-26 15:44:37 |
| Message-ID: | ccce652d4c742c9063ef9d55a180bbab@biglumber.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> I have a trigger which inserts a row into a table (table A) based on
> what a user inserts into a different table (table B). To allow this,
> the user needs insert permission for table A in order for the trigger
> to run. Is there a way I can restrict this so the user only has
> permission to insert via the trigger and not manually? I can't trust
> my users to insert correct values into table A by themselves but I
> need them to be able to run the trigger.
Create another user which has insert permissions on table B. Have this
user create a (trigger) function that inserts into table B, and make
sure the function is marked as EXTERNAL SECURITY DEFINER. Set this function
as a trigger on table A, and your users should only be able to insert into
table B through the trigger.
- --
Greg Sabino Mullane greg(at)turnstep(dot)com
PGP Key: 0x14964AC8 200303261036
-----BEGIN PGP SIGNATURE-----
Comment: http://www.turnstep.com/pgp.html
iD8DBQE+gcq7vJuQZxSWSsgRAiqgAKCeA9f6mCKFw8M3itKty3q9LjmocQCgqzOt
hPJTbbCOTqbe61Kip8esmWA=
=8eCk
-----END PGP SIGNATURE-----
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dennis Gearon | 2003-03-26 15:47:12 | Re: Please help with this error message |
| Previous Message | Dennis Gearon | 2003-03-26 15:39:42 | Re: transaction blocking inserts in postgresql 7.3 |