| From: | mgill(at)pointdx(dot)com |
|---|---|
| To: | Bruno Wolff III <bruno(at)wolff(dot)to> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Restrict users from describing table |
| Date: | 2004-01-09 14:05:04 |
| Message-ID: | 1073657104.3ffeb510b3930@remote.pointdx.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Quoting Bruno Wolff III <bruno(at)wolff(dot)to>:
> On Mon, Jan 05, 2004 at 11:32:42 +0500,
> Michael Gill <mgill(at)pointdx(dot)com> wrote:
> >
> > I think I have found the simple solution by separating the user from the
> > owner of the tables, however!
> >
> > I have simply created tables and functions in the owner's schema(A),
> > then granted execution to the other user(B). My brief testing indicates
> > that B cannot access or describe A's objects, yet can execute the
> > function that retrieves data and returns a ref cursor.
> >
>
> This won't work as they can still get at the system catalog which will
> allow them to see the schema.
>
You're correct. There doesn't seem to be a way to restrict a user from reading
the system tables.
To limit the client to only accessing the data through functions, I'm looking at
creating a java-based api to wrap all accesses to the db. The client machine
wouldn't need a db password, merely asking for DML through the api.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Potuganti Ramu | 2004-01-09 14:14:03 | "with grant option" for user groups. |
| Previous Message | Potuganti Ramu | 2004-01-09 14:02:31 | "with grant option" for user groups. |