| From: | Mark Stosberg <mark(at)summersault(dot)com> |
|---|---|
| To: | pgsql-sql(at)postgresql(dot)org |
| Subject: | Need help revoking access WHERE state = 'deleted' |
| Date: | 2013-02-28 16:37:39 |
| Message-ID: | kgo14h$vm3$1@ger.gmane.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
We are working on a project to start storing some data as "soft deleted"
(WHERE state = 'deleted') instead of hard-deleting it.
To make sure that we never accidentally expose the deleted rows through
the application, I had the idea to use a view and permissions for this
purpose.
I thought I could revoke SELECT access to the "entities" table, but then
grant SELECT access to a view:
CREATE VIEW entities_not_deleted AS SELECT * FROM entities WHERE state
!= 'deleted';
We could then find/replace in the code to replace references to the
"entities" table with the "entities_not_deleted" table
However, this isn't working, I "permission denied" when trying to use
the view. (as the same user that has had their SELECT access removed to
the underlying table.)
We are not stuck on this design. What's a recommended way to solve this
problem?
Mark
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ben Morrow | 2013-02-28 18:02:05 | Re: Need help revoking access WHERE state = 'deleted' |
| Previous Message | Marko Rihtar | 2013-02-28 10:21:04 | Concatenating bytea types... |