| From: | Richard Huxton <dev(at)archonet(dot)com> |
|---|---|
| To: | dipti shah <shahdipti1980(at)gmail(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org, pgsql-novice <pgsql-novice(at)postgresql(dot)org> |
| Subject: | Re: Define permissions at database level |
| Date: | 2010-02-18 10:04:50 |
| Message-ID: | 4B7D10C2.60907@archonet.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-novice |
On 18/02/10 08:53, dipti shah wrote:
> Hi,
>
> Is it possible to define the permissions at database level such that no
> users(except postgres) can execute DROP, ALTER, TRUNCATE commands directily?
> Users have to use the given stored procedures.
1. Place users into appropriate groups (makes it easier to manage
later). Note that groups and users are actually both just roles.
2. Use GRANT/REVOKE to restrict what those users can do.
3. Write your "alter table" function owned by user "postgres" and make
sure it's marked "SECURITY DEFINER".
http://www.postgresql.org/docs/8.4/static/user-manag.html
http://www.postgresql.org/docs/8.4/static/sql-createfunction.html
--
Richard Huxton
Archonet Ltd
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Grzegorz Jaśkiewicz | 2010-02-18 10:06:46 | Re: define transaction within pg/psql. Necessary? |
| Previous Message | Antonio Goméz Soto | 2010-02-18 10:02:02 | define transaction within pg/psql. Necessary? |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | A B | 2010-02-18 10:10:32 | How to select all columns and insert into other table |
| Previous Message | dipti shah | 2010-02-18 08:53:20 | Define permissions at database level |