| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | Kathy Smith <ksmith(at)lanl(dot)gov> |
| Cc: | pgsql-interfaces(at)postgresql(dot)org, clittle(at)lanl(dot)gov |
| Subject: | Re: Execute access on functions |
| Date: | 2005-03-23 20:10:16 |
| Message-ID: | 20050323201016.GA30776@wolff.to |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-interfaces |
On Wed, Mar 23, 2005 at 12:35:12 -0700,
Kathy Smith <ksmith(at)lanl(dot)gov> wrote:
> I want to control access (update, delete) to my tables and have done that
> with other DBMSs using stored procedures. Besides performance, I believe
> that's one of the primary advantages of stored procedures. I grant execute
> on the procedure to a group containing the users with controlled update
> access. Never on the table. I cannot seem to find the equivalent in
> postgres. I had hoped to be able to do this with user-defined functions
> but the following statement implies that if the SECURITY DEFINER is used,
> that *anyone* who can get to that function can execute it. Hardly the
> solution I am looking for. The alternative being that I must grant update
> to the table :(
>
> The CREATE FUNCTION clause SECURITY DEFINER makes the function run with the
> privileges of the user who created it. Otherwise, the INVOKER's privileges
> are used.
>
> Am I missing something here? Is there another way?
You can control who can execute the function. By default 'public' can execute
functions, but you can revoke that access.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Larry Schmid | 2005-03-23 22:43:34 | |
| Previous Message | Kathy Smith | 2005-03-23 19:35:12 | Execute access on functions |