Skip site navigation (1) Skip section navigation (2)

Re: Rewrite SELECT WHERE clause on per-session bases. Modifing view source code in one session (user's) from another session (admin's)?

From: Decibel! <decibel(at)decibel(dot)org>
To: sftf <sftf-misc(at)mail(dot)ru>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: Rewrite SELECT WHERE clause on per-session bases. Modifing view source code in one session (user's) from another session (admin's)?
Date: 2008-07-16 03:07:59
Message-ID: 8B0844A8-0607-410E-B487-DD093D56ED20@decibel.org (view raw or flat)
Thread:
Lists: pgsql-admin
On Jul 14, 2008, at 12:26 AM, sftf wrote:
> In my application's security scheme I'm planing to restrict users  
> to view only particular "types" of records,
> where "types" is set of WHERE predicates for each view, dynamically  
> defined in application.
> I believe it's most efficient way to do such things, instead of  
> calling some decision function for each row
> in view's SELECT, for example.
>
> So, for these porposes I need some mechanism allowing "on the fly"  
> modification of view's SELECT's.
> At the beggining I review CREATE RULE ON SELECT variant, but rules  
> are "database-wide" not "session-wide" and
> SELECT rules don't allow WHERE clause.
>
> My current solution is creating temporary viwes for each  
> application user with
> appropriate WHERE restrictions at the session begining  (but rules  
> could be more convient).
> By this way view permissions (what "types" user can select fron  
> view) are can't be changed during session
> (user can't modify view by design).
>
> So question is: is it possible to modify view source code in one  
> session (user's) from another session (admin's)?
> Or may be more convenient way to rewrite SELECT WHERE clause on per- 
> session bases exist (similar to RULES)?
> Thanks.

Search pgFoundry for veil; I believe it will do what you want.
-- 
Decibel!, aka Jim C. Nasby, Database Architect  decibel(at)decibel(dot)org
Give your computer some brain candy! www.distributed.net Team #1828


In response to

pgsql-admin by date

Next:From: Matthew T. O'ConnorDate: 2008-07-16 05:27:24
Subject: Re: More Autovacuum questions
Previous:From: Vishal AroraDate: 2008-07-16 02:46:26
Subject: Re: Jobs using pgagent

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group