Skip site navigation (1) Skip section navigation (2)

Re: [SQL] about permissions

From: wieck(at)debis(dot)com (Jan Wieck)
To: rems(at)gdansk(dot)sprint(dot)pl (Remigiusz Sokolowski)
Cc: pgsql-sql(at)postgreSQL(dot)org
Subject: Re: [SQL] about permissions
Date: 1999-05-26 13:42:14
Message-ID: m10mdwl-000EBPC@orion.SAPserv.Hamburg.dsh.de (view raw or flat)
Thread:
Lists: pgsql-sql
Remigiusz Sokolowski wrote:

>
> hi!
> First short explanation:
> I create application in php. In scripts I need sometimes check if user has
> permissions to for example update values in some table
>
> So question:
> How should looks my queryi like?
>
> I mean something like
> select pg_class.relacl where relname='cust' and
> pg_class.relacl[2]='my_user=arwR'; (this query doesn't work)
>
> and another difficult problem:
> I don't know what place in relacl array is occupied by permissions for my
> user and of course can't check for string 'myuser=arwR' cause permissions
> could be 'arw', 'ar', 'r'.
> Naturally I can solve this by taking whole array and processing data in
> php, but
> I could be really fine to solve this inside postgres

    You  can  compile+install PL/Tcl in your database and use the
    function I've included at the end. It's usage is:

    --
    -- PL/Tcl function to verify if a user has specific permissions
    -- on a relation.
    --
    -- Usage:      check_permission(relname,username,perms)
    --
    --             perms is a string consisting of any combination of the
    --             characters a,r,w and R (R means RULE permission).
    --
    -- Returns:    true if user has ALL permissions
    --             false if at least one permission is missing
    --
    -- Exceptions: generates an error if the relation or it's owner
    --             aren't found in the system catalogs
    --

    The perms string can be given in any order, so 'awr' is equal
    to   'raw'.   It   follows  the  PostgreSQL  semantics  where
    superusers  bypass  all  access  restrictions,  a  user   not
    explicitly  listed  in  the  acl has the rights of the public
    entry and if there is no acl at all, only the owner has  full
    rights.

    It  does  NOT  handle group permissions up to now. You didn't
    told that you need this functionality too.

    Hope that solves your problem.


Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#======================================== jwieck(at)debis(dot)com (Jan Wieck) #



In response to

Responses

pgsql-sql by date

Next:From: Jan WieckDate: 1999-05-26 13:49:58
Subject: Re: [SQL] about permissions
Previous:From: Remigiusz SokolowskiDate: 1999-05-26 12:23:38
Subject: about permissions

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group