| From: | "Lars Preben S(dot) Arnesen" <l(dot)p(dot)arnesen(at)usit(dot)uio(dot)no> |
|---|---|
| To: | Doug McNaught <doug(at)wireboard(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: User permissions |
| Date: | 2002-03-14 13:38:46 |
| Message-ID: | yfr663zs1zt.fsf@lpsa.uio.no |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
[ Doug McNaught ]
> We had a nice little flamewar about this a few weeks ago. ;)
OK. I'll look into the arguments in the war...
> The "Postgres" way to do it is to lock the unprivileged user out of
> the "real" tables, and create views for that user to access. The
> views can include only the fields that you want them to see, and you'd
> create ON INSERT/DELETE/UPDATE rules to validate input and write to
> the actual tables.
Hmmm. I'm not going to start another flame war, but I think this seems
like it could be somewhat easier with the Oracle solution (at least
what I have heard from Oracle-users) that enables you to restrict a
database user only to execute predefined functions.
As I understand it I need to create functions, views and triggers to
get what I want.
> This is kind of a different way of thinking about it than the "proxy
> functions" concept but you should be able to do everything you want to
> do.
With programming, everything is possible. :)
--
Lars Preben
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Lars Preben S. Arnesen | 2002-03-14 13:40:12 | Re: User permissions |
| Previous Message | Dave | 2002-03-14 13:36:19 | JDBC Prepared Statement Bug |