From: | jason(at)openinformatics(dot)com (Jason E(dot) Stewart) |
---|---|
To: | pgsql-interfaces(at)postgresql(dot)org |
Subject: | View permissions |
Date: | 2004-04-04 15:42:23 |
Message-ID: | 87ekr3iwbk.fsf@openinformatics.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-interfaces |
Hi,
I appologize if this is the incorrect list, but it is the only one to
which I subscribe.
Is it possible to use table permissions to restrict UPDATE's and
DELETE's on views? Or does that need to happen in the rules which
remap the events?
I have a view with the following permissions:
genex2=> \dp genex_measured_bioassay_view
Access privileges for database "genex2"
Schema | Table | Access privileges
--------+------------------------------+-------------------------------------------------------------------
public | genex_measured_bioassay_view | {=,genex=arwdRxt,"group genex_user=r","group genex_curator=arwd"}
My belief was that by restricting members of the genex_user group to
SELECT only access, they would not be able to make UPDATE's on the
view. But this is not the case, they are able to make updates.
I have a rule which re-maps the UPDATE to the underlying table as
follows:
CREATE RULE GENEX_MEASURED_BIOASSAY_VIEW_upd AS ON UPDATE TO GENEX_MEASURED_BIOASSAY_VIEW
DO INSTEAD
UPDATE GENEX_MEASURED_BIOASSAY SET
"mba_pk" = NEW."mba_pk",
"fe_sw_fk" = NEW."fe_sw_fk",
"name" = NEW."name",
"identifier" = NEW."identifier",
"description" = NEW."description",
"audit_fk" = NEW."audit_fk"
WHERE "mba_pk" = NEW."mba_pk";
Does this rule bypass the permissions on the view?
Thanks in advance,
jas.
From | Date | Subject | |
---|---|---|---|
Next Message | L J Bayuk | 2004-04-06 01:14:54 | Re: Date/Time atributes and binary cursors |
Previous Message | Michael Meskes | 2004-04-03 16:27:35 | Re: ECPG and COPY TO STDOUT |