Skip site navigation (1) Skip section navigation (2)

Re: Label Security

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: James Taylor <jtx(at)hatesville(dot)com>
Cc: pgsql-sql(at)postgresql(dot)org
Subject: Re: Label Security
Date: 2004-01-27 02:24:16
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-sql
On Mon, Jan 26, 2004 at 16:50:06 -0800,
  James Taylor <jtx(at)hatesville(dot)com> wrote:
> Ok, so for example, say I add another column to the tables I want to 
> have the row-level security on called 'security'.  I would go ahead and 
> designate
> different security levels for each user, (ex. Jane security 1000, Bill 
> 2000, Joe 3000).  Then, if I only want X user with security 1000 to 
> view Y row, I set to 1000.
> Then, I give these users no access to the table, and create views for 
> EACH user saying something to the effect of "select * from z where 
> security=securitylevel", and grant access to the views only to the user 
> itself.

You can refer to current_user in the view. This allows you to use one
view for all users. Though you still have to have some information
mapping users to rows they can access in the database.

> Couldn't a user then go into the console themselves and create a view 
> giving them full access to the table?

You don't have to give them access to the table directly in order to
have the view work. When accessing a table through a view you have the
rights of the person who created the view.

In response to

pgsql-sql by date

Next:From: Robert CreagerDate: 2004-01-27 03:23:38
Subject: Re: [SQL] Database diagram
Previous:From: azwaDate: 2004-01-27 01:42:27
Subject: Re: time series data

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group