Skip site navigation (1) Skip section navigation (2)

Execute access on functions

From: Kathy Smith <ksmith(at)lanl(dot)gov>
To: pgsql-interfaces(at)postgresql(dot)org
Cc: clittle(at)lanl(dot)gov
Subject: Execute access on functions
Date: 2005-03-23 19:35:12
Message-ID: 6.0.3.0.2.20050323105558.02b80ff8@nis-mail.lanl.gov (view raw or flat)
Thread:
Lists: pgsql-interfaces
I want to control access (update, delete) to my tables and have done that 
with other DBMSs using stored procedures.  Besides performance, I believe 
that's one of the primary advantages of stored procedures.  I grant execute 
on the procedure to a group containing the users with controlled update 
access.  Never on the table.  I cannot seem to find the equivalent in 
postgres.  I had hoped to be able to do this with user-defined functions 
but the following statement implies that if the SECURITY DEFINER is used, 
that *anyone* who can get to that function can execute it.  Hardly the 
solution I am looking for.  The alternative being that I must grant update 
to the table :(

The CREATE FUNCTION clause SECURITY DEFINER makes the function run with the 
privileges of the user who created it. Otherwise, the INVOKER's privileges 
are used.

Am I missing something here?  Is there another way?
Thanks,
Kathy


*******************************
Kathryn K Smith
Los Alamos National Laboratory
505-699-9330
505-665-0505

The gentlest thing in the world overcomes the hardest thing in the 
world.  --Tao Te Ching 


Responses

pgsql-interfaces by date

Next:From: Bruno Wolff IIIDate: 2005-03-23 20:10:16
Subject: Re: Execute access on functions
Previous:From: Murray CummingDate: 2005-03-21 21:17:12
Subject: Re: per-database groups? (was Discovering privileges)

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group