Re: users, address record restrictions

On Mon, Jun 20, 2005 at 05:17:57PM -0700, Teunis Peters wrote:
>
> however - I'd like to restrict access to specific records and groups of
> records (based on another table) - and I'm not even sure where to start
> looking. I suspect I actually need to look into triggers and/or
> embedded libraries to solve this (and this means writing it) but I
> haven't figured where to start...
>
> basically per-record (given a set of rules) access restrictions.
>
> Please do let me know where I can ask more :)
>
> Looking for controlling SELECT, INSERT, UPDATE and DELETE.

As I mentioned in my followup in pgsql-interfaces, you could use a
view to restrict who can see what records, and you could use rules
to allow inserts, updates, and deletes on the view. For more info
and examples see CREATE VIEW and "The Rule System" in the documentation:

http://www.postgresql.org/docs/8.0/static/sql-createview.html
http://www.postgresql.org/docs/8.0/static/rules.html

Be aware that rules have "gotchas" that can produce unexpected
results. Make sure you understand what's really happening, and do
thorough testing before putting anything into production.

If views and rules don't sound like they'll work, then please provide
more information about what you're doing.

> I -am- interested in examples of server-side scripting as well...
> am still searching.

See "Server Programming" in the documentation:

http://www.postgresql.org/docs/8.0/static/server-programming.html

You could also search the list archives for phrases like "CREATE
FUNCTION" -- many examples have been posted to the mailing lists
over the years. See also resources like the General Bits newsletter:

http://www.varlena.com/varlena/GeneralBits/

--
Michael Fuhr
http://www.fuhr.org/~mfuhr/