Skip site navigation (1) Skip section navigation (2)

Re: Allowing update of column only from trigger

From: Shawn Harrison <harrison(at)tbc(dot)net>
To: PgSQL General List <pgsql-general(at)postgresql(dot)org>
Subject: Re: Allowing update of column only from trigger
Date: 2005-01-31 18:35:35
Message-ID: 41FE7A77.9010807@tbc.net (view raw or flat)
Thread:
Lists: pgsql-general
Andrey V. Semyonov wrote [01/29/05 12:45 PM]:
> isn't it possible to restrict UPDATE by access rights based on the DB's 
> user?
> 
> Create table with owner set to the administrator of the database (NOT 
> PostgreSQL SERVER!!!) and grant only the needed rights (or none of them) 
> to the user from which the usual processing of the database will be 
> performed. Then, create a trigger function with SECURITY DEFINER set and 
> own it by the owner of the database (or other user, who's granted to 
> UPDATE the table). So, if no one else is granted UPDATE on the table, 
> the only UPDATE-modifiers of the table will be the owner and the trigger 
> function's owner (if differs from owner).

Thank you for explaining this. I haven't done much with rights within 
the database, but it seems you have explained how to do exactly what I 
had been considering as the "rights"-oriented solution to my problem.

> Best regards,
>    Andrey V. Semyonov

Take care,
Shawn Harrison
-- 
________________
harrison(at)tbc(dot)net

In response to

pgsql-general by date

Next:From: Sven WillenbergerDate: 2005-01-31 18:49:44
Subject: Re: Dereferencing a 2-dimensional array in plpgsql
Previous:From: Shawn HarrisonDate: 2005-01-31 18:33:50
Subject: Re: Allowing update of column only from trigger

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group