| From: | Stephan Szabo <sszabo(at)megazone(dot)bigpanda(dot)com> |
|---|---|
| To: | Lance Arlaus <lance(dot)nospam(dot)1(at)codeberet(dot)com> |
| Cc: | PostgreSQL Novice Mailing List <pgsql-novice(at)postgresql(dot)org> |
| Subject: | Re: Privileged CUD Access via Stored Procs |
| Date: | 2005-09-03 15:47:31 |
| Message-ID: | 20050903084645.O7582@megazone.bigpanda.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
On Sat, 3 Sep 2005, Lance Arlaus wrote:
> All-
>
> I've traditionally used stored procedures in other databases as a means to
> control access to tables for create, update, and delete (CUD) operations,
> prohibiting arbitrary access and ensuring data integrity, etc. Ordinary
> users are prohibited from accessing tables directly and, instead, must use
> the procedures provided to perform modifications (while still being able to
> perform arbitrary queries on the data).
> I just started working with privileges on Postgres and I can't seem to
> implement a similar scheme. For example, if a stored procedure inserts a
> row into a table, the user must have insert privileges on the underlying
> table which would allow arbitrary, and potentially prohibited,
> modifications.
>
> Is there a way to implement this pattern on Postgres?
I think functions marked as SECURITY DEFINER will do what you want, in
that they run with the permissions of the function creator rather than the
calling user.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Fuhr | 2005-09-03 16:52:44 | Re: UPDATE: pg_dump fails due to invalid memory request |
| Previous Message | Lance Arlaus | 2005-09-03 15:40:52 | Privileged CUD Access via Stored Procs |