Skip site navigation (1) Skip section navigation (2)

Execute permissions for stored functions

From: Paul Hart <paulhart(at)redchocolate(dot)ca>
To: pgsql-sql(at)postgresql(dot)org
Cc: Paul Hart <paulhart(at)redchocolate(dot)ca>
Subject: Execute permissions for stored functions
Date: 2004-01-19 02:58:38
Message-ID: 61572386-4A2B-11D8-8678-000393CC268A@redchocolate.ca (view raw or flat)
Thread:
Lists: pgsql-sql
Hi all,

 From what I've seen in the archives, questions like this have kind of 
been answered in the past, but I was wondering if there have been any 
changes in this area, or if anyone has good ideas on how to do what I'm 
about to ask :)

In RDBMSs such as Oracle, stored PL/SQL functions run with the 
permissions of the user that creates the function. Users who are given 
EXECUTE privileges then call the function with the permissions of the 
creator of the function.

Is this how things work with PL/pgSQL in PostgreSQL? From my 
understanding, the answer is 'no.' If the answer really is 'no,' then 
how do I achieve the same thing?

The main benefit for this is in security - I have a dynamic web 
application that requires (a lot of) access to a PostgreSQL database. I 
want to make sure that the user doesn't have direct access to change 
the content of tables, but rather to alter their contents, in 
predetermined ways, through a set of functions. It's another layer that 
protects against hacking, and because my project involves a lot of 
monetary transactions (and database transactions), I want to reduce my 
potential for malicious abuse.

Many thanks in advance for you help,

Paul

Responses

pgsql-sql by date

Next:From: Tom LaneDate: 2004-01-19 04:10:29
Subject: Re: Problem with LEFT JOIN
Previous:From: Vishal Kashyap @ [Sai Hertz And Control Systems]Date: 2004-01-18 22:29:00
Subject: Re: Trigger to identify which column(s) updated

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group