| From: | Rick Delaney <rick(at)consumercontact(dot)com> |
|---|---|
| To: | pgsql-sql(at)postgresql(dot)org |
| Subject: | Permissions for foreign keys |
| Date: | 2001-01-31 00:50:05 |
| Message-ID: | 3A77613D.184BB8D8@consumercontact.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
I'm using 7.0 and have noticed that I need to grant SELECT and UPDATE
permissions on any referentially-related tables. Can/should I get
around this? A somewhat contrived example:
CREATE TABLE emp (
id integer PRIMARY KEY,
salary integer
);
CREATE TABLE proj (
id integer PRIMARY KEY,
emp_id integer REFERENCES emp
);
CREATE TABLE bill (
id integer PRIMARY KEY,
proj_id integer REFERENCES proj
);
INSERT INTO emp VALUES (1, 100000);
INSERT INTO proj VALUES (1, 1);
INSERT INTO bill VALUES (1, 1);
GRANT ALL ON proj TO someone;
Connect as someone:
=> INSERT INTO proj VALUES (2, 1);
ERROR: emp: Permission denied.
=> UPDATE proj SET id = 2;
ERROR: bill: Permission denied.
It appears that I need to grant:
SELECT,UPDATE on emp to UPDATE or INSERT into proj.
SELECT,UPDATE on bill to UPDATE proj.
When I grant these permissions, the above statements succeed.
If I don't want users to have UPDATE (or even SELECT) access on the
other tables (bill and emp), but I want referential integrity, what can
I do?
--
Rick Delaney
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christopher Sawtell | 2001-01-31 00:58:46 | Re: Automated scripting... |
| Previous Message | jkakar | 2001-01-30 23:54:53 | Automated scripting... |