| From: | Robert Treat <xzilla(at)users(dot)sourceforge(dot)net> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | josh(at)agliodbs(dot)com, Luis Sousa <llsousa(at)ualg(dot)pt>, pgsql-sql <pgsql-sql(at)postgresql(dot)org> |
| Subject: | Re: Permission on insert rules |
| Date: | 2002-11-11 16:45:40 |
| Message-ID: | 1037033140.26585.34.camel@camel |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
On Fri, 2002-11-08 at 21:40, Bruce Momjian wrote:
> Josh Berkus wrote:
> >
> > Luis,
> >
> > > Just a question.
> > > I'm writing some rules to insert/update some data in my database, and I
> > > gave all the privileges on that view to the user, and only select on the
> > > tables.
> > > When that user inserts data using the view, I thought that was user
> > > postgres that will do the rest ! But I got permission denied on those
> > > tables.
> > > The idea was to create a layer, with the views, giving to that user
> > > permission on views to insert and update, and not to tables.
> > > Is this possible ?
> >
> > This is a known problem.
> >
> > I know that permissions for Functions has been addressed in 7.3. However, I
> > am not sure about permissions for updatable views. Tom, Bruce?
>
> Views have always had their own permissions.
>
If the functions can fire as there creator instead of there caller, then
I would think as long as the creator has insert/update views on the base
table, you should be able to do updateable rules and give only
permissions to the view for the caller. (Though maybe you have to use
triggers rather than rules to do this?) Does that sound right?
Robert Treat
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Josh Berkus | 2002-11-11 17:59:56 | Re: Permission on insert rules |
| Previous Message | Christoph Haller | 2002-11-11 15:55:45 | Generating a cross tab II (pivot table) |