Re: view and column rights

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Jean-Yves F(dot) Barbier" <12ukwn(at)gmail(dot)com>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: view and column rights
Date: 2010-06-27 14:51:07
Message-ID: 10461.1277650267@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-novice

"Jean-Yves F. Barbier" <12ukwn(at)gmail(dot)com> writes:
> I read a lot about DBs and some specialists say that I must not give
> direct data (table) access to users but always through a view.

I don't believe that idea is meant to offer added security. What it is
said to be good for is isolating your applications from future changes
in the definition of the underlying table. I think its actual
usefulness for that is pretty limited, though.

Because PG lacks automatically-updatable views, it's difficult to
recommend this approach except for cases where the users need only
read-only access. Otherwise you're going to be trying to rely on
rules to handle update cases, and you'll be in for a world of pain.
The rule mechanism is full of gotchas.

Personally I'd skip the insulating-view idea in nearly all cases.

regards, tom lane

In response to

Browse pgsql-novice by date

  From Date Subject
Next Message Atif Jung 2010-06-28 11:27:01 DECLARE CURSOR
Previous Message Tom Lane 2010-06-27 14:38:03 Re: escape