Skip site navigation (1) Skip section navigation (2)

View permissions

From: jason(at)openinformatics(dot)com (Jason E(dot) Stewart)
To: pgsql-interfaces(at)postgresql(dot)org
Subject: View permissions
Date: 2004-04-04 15:42:23
Message-ID: 87ekr3iwbk.fsf@openinformatics.com (view raw or flat)
Thread:
Lists: pgsql-interfaces
Hi,

I appologize if this is the incorrect list, but it is the only one to
which I subscribe.

Is it possible to use table permissions to restrict UPDATE's and
DELETE's on views? Or does that need to happen in the rules which
remap the events?

I have a view with the following permissions:

genex2=> \dp genex_measured_bioassay_view
                                  Access privileges for database "genex2"
 Schema |            Table             |                         Access privileges                         
--------+------------------------------+-------------------------------------------------------------------
 public | genex_measured_bioassay_view | {=,genex=arwdRxt,"group genex_user=r","group genex_curator=arwd"}

My belief was that by restricting members of the genex_user group to
SELECT only access, they would not be able to make UPDATE's on the
view. But this is not the case, they are able to make updates.

I have a rule which re-maps the UPDATE to the underlying table as
follows: 

CREATE RULE GENEX_MEASURED_BIOASSAY_VIEW_upd AS ON UPDATE TO GENEX_MEASURED_BIOASSAY_VIEW
    DO INSTEAD
    UPDATE GENEX_MEASURED_BIOASSAY SET
"mba_pk" = NEW."mba_pk",
"fe_sw_fk" = NEW."fe_sw_fk",
"name" = NEW."name",
"identifier" = NEW."identifier",
"description" = NEW."description",
"audit_fk" = NEW."audit_fk"
   WHERE "mba_pk" = NEW."mba_pk";

Does this rule bypass the permissions on the view?

Thanks in advance,
jas.

pgsql-interfaces by date

Next:From: L J BayukDate: 2004-04-06 01:14:54
Subject: Re: Date/Time atributes and binary cursors
Previous:From: Michael MeskesDate: 2004-04-03 16:27:35
Subject: Re: ECPG and COPY TO STDOUT

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group