Re: execute permissions of stored procedures?

From: eric(at)datalink(dot)nl
To: Doug McNaught <doug(at)wireboard(dot)com>
Cc: eric(at)datalink(dot)nl, pgsql-general(at)postgresql(dot)org
Subject: Re: execute permissions of stored procedures?
Date: 2002-02-19 08:56:50
Message-ID: 20020219085650.GC1579@terra.telemediair.nl
Lists: pgsql-general

On Mon, Feb 18, 2002 at 01:21:50PM -0500, Doug McNaught wrote:
> eric(at)datalink(dot)nl writes:
>
> > In Solid it was possible to create a procedure (It looks like that a
> > postgreSQL function is similar to that) and then to do a GRANT for
> > EXECUTE rights on this procedure. How can I do this in PostgreSQL?
> >
> > I want to use PostgreSQL as a database for our dynamic website, and
> > the only thing I want to allow to the standard 'webuser' is to
> > execute some procedures. The use of a grant to a procedure allows
> > me to be able to insert/update some specific rows in a database in a
> > very specific way by a user that normally wouldn't even be allowed
> > to do a SELECT on this table.
>
> I think the only current way to do this is to create views and insert
> rules for the views, and grant the web user access to the views rather
> than the underlying table. This *should* be doable, depending on what
> you need to do in the rules.

> Having 'setuid' functions has been talked about, but I don't think
> it's currently there.

I really am stunned. How is it possible that such an essential feature is
simply missing from a database like PostgreSQL? Are you expecting that all
security for the database should be implemented ONLY at the top level, the
user's frontend? This is really unacceptable for me, I really need security from
the bottom up, which in this case is the Database.

Is there any idea if/when this will be implemented?

--
#!perl # Life ain't fair, but root passwords help.
# Eric Veldhuyzen eric(at)terra(dot)telemediair(dot)nl
$!=$;=$_+(++$_);($:,$~,$/,$^,$*,$@)=$!=~ # Perl Monger
/.(.)...(.)(.)....(.)..(.)..(.)/;`$^$~$/$: $^$*$@$~ $_>&$;`
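
The view-plus-rule arrangement suggested in the quoted reply, written out as an added example that is not part of the original thread. The table, view and rule names are hypothetical; only the 'webuser' account comes from the message. It relies on PostgreSQL checking the relations touched by a rule's action against the privileges of the rule's owner rather than those of the calling user.

```sql
-- Added illustration; guestbook, guestbook_public and guestbook_public_ins
-- are hypothetical names. Run as the table owner, not as webuser.
-- No sequence-backed column is used on purpose: nextval() would be checked
-- against the calling user's privileges on the sequence.
CREATE TABLE guestbook (
    author   text      NOT NULL,
    body     text      NOT NULL,
    approved boolean   NOT NULL DEFAULT false,
    posted   timestamp NOT NULL DEFAULT now()
);

-- The web account holds no privileges on the base table.
REVOKE ALL ON guestbook FROM PUBLIC;
REVOKE ALL ON guestbook FROM webuser;

-- The view exposes only approved rows and only the columns the site needs.
CREATE VIEW guestbook_public AS
    SELECT author, body, posted
    FROM guestbook
    WHERE approved;

-- The rule fixes which columns a caller can set. 'approved' and 'posted'
-- always take their defaults, whatever the caller supplies.
CREATE RULE guestbook_public_ins AS
    ON INSERT TO guestbook_public
    DO INSTEAD
    INSERT INTO guestbook (author, body)
    VALUES (NEW.author, NEW.body);

-- webuser is granted access to the view only.
GRANT SELECT, INSERT ON guestbook_public TO webuser;

-- Checks to run while connected as webuser:
--   INSERT INTO guestbook_public (author, body) VALUES ('alice', 'hello');
--       succeeds; the row lands in guestbook with approved = false
--   SELECT * FROM guestbook;
--       fails: permission denied on the base table
--   UPDATE guestbook_public SET body = '';
--       fails: webuser has no UPDATE privilege on the view
```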
