Skip site navigation (1) Skip section navigation (2)

Re: view and column rights

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Jean-Yves F(dot) Barbier" <12ukwn(at)gmail(dot)com>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: view and column rights
Date: 2010-06-27 14:51:07
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-novice
"Jean-Yves F. Barbier" <12ukwn(at)gmail(dot)com> writes:
> I read a lot about DBs and some specialists say that I must not give
> direct data (table) access to users but always through a view.

I don't believe that idea is meant to offer added security.  What it is
said to be good for is isolating your applications from future changes
in the definition of the underlying table.  I think its actual
usefulness for that is pretty limited, though.

Because PG lacks automatically-updatable views, it's difficult to
recommend this approach except for cases where the users need only
read-only access.  Otherwise you're going to be trying to rely on
rules to handle update cases, and you'll be in for a world of pain.
The rule mechanism is full of gotchas.

Personally I'd skip the insulating-view idea in nearly all cases.

			regards, tom lane

In response to

pgsql-novice by date

Next:From: Atif JungDate: 2010-06-28 11:27:01
Previous:From: Tom LaneDate: 2010-06-27 14:38:03
Subject: Re: escape

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group