Skip site navigation (1) Skip section navigation (2)

Re: Proposed archival read only trigger on rows - prevent history modification

From: Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>
To: pgsql-sql(at)postgresql(dot)org
Cc: Bryce Nesbitt <bryce1(at)obviously(dot)com>
Subject: Re: Proposed archival read only trigger on rows - prevent history modification
Date: 2008-02-22 03:31:57
Message-ID: 200802212231.58019.xzilla@users.sourceforge.net (view raw or flat)
Thread:
Lists: pgsql-sql
On Tuesday 12 February 2008 03:25, Bryce Nesbitt wrote:
> Yes, the view approach has some advantages.  But it still leaves the
> underlying tables naked to modification.
> And since the most likely error is... well... me (or another admin) at
> the SQL prompt, we want underlying tables protected also.
>
> chester c young wrote:
> > instead of triggers I use update-able views and permissions.
> >
> > 1. all dml goes through the view
> > 2. use rules on the view to do dml to the table
> > 3. in rules prevent updating all/any columns when whatever
> > 4. grant dml to view to your pgconnect user
> > 5. revoke dml from table to your pgconnect user
> >
> > imho another instance where rules rule.  for example, you can easily
> > fit logging into the same view.

You can use rules on the underlying tables themselves (on update do nothing) 
which tends to work pretty well.  You can also add triggers into the mix to 
raise errors on update. Also dont forget to revoke update/delete/install 
privileges as appropriate. And look into vacuum freeze. 

-- 
Robert Treat
Build A Brighter LAMP :: Linux Apache {middleware} PostgreSQL

In response to

Responses

pgsql-sql by date

Next:From: Phillip SmithDate: 2008-02-22 04:09:11
Subject: Re: Proposed archival read only trigger on rows - prevent history modification
Previous:From: Sebastian RychterDate: 2008-02-21 18:55:35
Subject: Re: Data layer migration from MSSQL

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group