| From: | JanWieck(at)t-online(dot)de (Jan Wieck) |
|---|---|
| To: | markus(dot)wagner(at)bigfoot(dot)com |
| Cc: | pgsql-sql <pgsql-sql(at)postgresql(dot)org> |
| Subject: | Re: create function - user permissions |
| Date: | 2000-07-22 09:11:51 |
| Message-ID: | 200007220911.LAA08325@hot.jw.home |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
Markus Wagner wrote:
> Hi,
>
> one of my users wants to create functions using the C language, but pgs
> says "no permission".
>
> How can I permit the user to do this, while avoiding to give him root
> access rights?
Assuming with "root" access you mean "DB-superuser" rights.
No way!
From the C language, he has total access to the DB backend,
running under the OS-side database system owners UID. That
means, he has complete OS access to the entire DB
installation! He could read/write system catalogs without any
permission checks (SPI is only for convienience, someone can
use heap-am as well).
So in fact, he IS a superuser then. And that should be
reflected in his rights. Giving him the right would also
prevent him from doing stupid things to gain access for data
he shouldn't have, possibly corrupting you DB installation by
accident.
If that all isn't an option for you, give him his own DB
installation where he is his own superuser. There he can
develop those things and after code revision, you install the
modules in the production system.
Jan
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#================================================== JanWieck(at)Yahoo(dot)com #
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mitch Vincent | 2000-07-22 22:41:43 | Re: query optimazation & starting postmaster with -B option |
| Previous Message | Jan Wieck | 2000-07-22 09:01:05 | Re: Why do I need to set UPDATE permissions for fkey check? |