| From: | R D <mrk279(at)yahoo(dot)com> |
|---|---|
| To: | jmoschet(at)netscape(dot)net |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Permissions on Stored Procedures |
| Date: | 2000-12-27 08:14:05 |
| Message-ID: | 20001227081405.45087.qmail@web10004.mail.yahoo.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
I hoped to see that and per database allow/deny
ctreation of tables to groups/users in PostgreSQL 7.1
but as far as I know it will not be done.
Rumen
--- jmoschet(at)netscape(dot)net wrote:
> I've been searching the lists and found a similar
> question but there have no
> replies.
>
> What I would like to be able to do in Postgres is
> give users/groups the
> ability to execute stored procedures on a per
> procedure basis.
>
> I am looking into the Rules system, thinking that
> this is acheiveable through
> the use of query rewriting, dummy tables and
> _insert, _delete, _update rules.
>
>
> I see in the internals.ps (docs directory) file
> there is an example (2.5.8 /
> pg 49-50) of creating a dummy table and a rule that
> gets executed when
> someone issues a SELECT on that dummy table.
>
> The rule defines the actual query which is executed,
> so the *user* is none
> the wiser. That's a start.
>
> It seems that keeping track of *dummy* tables could
> get hairy and somone
> cleaning up could accidentally remove a dummy table
> and disable a whole mess
> of things inadvertenty.
>
> It would appear to be possible to set ACLs on a
> dummy table to only allow
> certain users/groups to execute the select, insert,
> update or delete on the
> dummy table itself. Thereby using the built-in
> postgres security to intervene
> and before the rules are ever executed.
>
> There is an example of the use of a rule to prevent
> an insert on a table that
> uses a special naming convention, <tablename>_insert
> that automatically gets
> executed when the INSERT is issued. (and similarly
> for the
> <tablename>_select, <tablename>_update and
> <tablename>_delete)
> (PostgreSQL: Introduction and Concepts / Momjian,
> pg. 149)
>
> Now if I'm way off and these scenarios are not
> possible, it would be nice to
> have ACL's on entries in the pg_proc table or an
> additional entry in pg_class
> for each stored proc/function (but that seems
> unlikely as it seems this would
> affect other parts of the postgres subsystem) and
> have the 'traffic-cop'
> check the permissions on the functions for us.
>
> Thanks.
>
> John Moschetto
> attendee OSDN/OSDB Summit
> Oct 30-31 2000 - Hayes Mansion
> San Jose, California
>
>
__________________________________________________________________
> Get your own FREE, personal Netscape Webmail account
> today at
> http://webmail.netscape.com/
__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | jmoschet | 2000-12-27 17:41:01 | Re: Permissions on Stored Procedures ==> current_user |
| Previous Message | R D | 2000-12-27 07:59:09 | Re: Is that a bug? |