If I give column rights to a user, I can't use a general view for him, which
I read a lot about DBs and some specialists say that I must not give
direct data (table) access to users but always through a view.
Are they right? (meaning I must have as much views as users - and how
can I do that, where to put them, shall I generate them on-ze-fly,...?),
or are they wrong (meaning I only have to recover user's rights at
connection and build my queries accordingly directly toward tables)?
Whatever the complexity, security is the master word here.
A sine curve goes off to infinity, or at least the end of the blackboard.
-- Prof. Steiner
pgsql-novice by date
|Next:||From: Tom Lane||Date: 2010-06-27 14:38:03|
|Subject: Re: escape |
|Previous:||From: Jean-Yves F. Barbier||Date: 2010-06-27 14:23:31|
|Subject: Re: escape|