From: | Adrian Klaver <aklaver(at)comcast(dot)net> |
---|---|
To: | pgsql-sql(at)postgresql(dot)org |
Cc: | "Christopher Maier" <maier(at)med(dot)unc(dot)edu>, "Alvaro Herrera" <alvherre(at)commandprompt(dot)com> |
Subject: | Re: Problem with delete trigger: how to allow only triggers to delete a row? |
Date: | 2008-10-10 20:57:28 |
Message-ID: | 200810101357.28800.aklaver@comcast.net |
Lists: | pgsql-sql |
On Friday 10 October 2008 11:25:05 am Christopher Maier wrote:
> On Oct 10, 2008, at 2:05 PM, Alvaro Herrera wrote:
> > Looks like you should revoke DELETE privilege from plain users, and
> > have your delete trigger be a security definer function. There would be
> > another security definer function to delete non-deduced rows which users
> > can call directly.
>
> Thanks, Alvaro. So you're suggesting I create a function like this:
>
> CREATE FUNCTION user_delete(identifier my_table.id%TYPE) RETURNS VOID
> LANGUAGE plpgsql SECURITY DEFINER AS $$
> BEGIN
> ...
> -- do various checks
> ...
> DELETE FROM my_table WHERE id = identifier;
> ...
> END;
> $$;
>
> Correct? That sounds like it would work. If at all possible, I'd
> like to keep the "interface" the same for all my tables, though (i.e.,
> users don't have to be concerned with whether they can do regular SQL
> deletes, or if they have to call a special function). I suppose that
> can ultimately be hidden, though.
>
> I will try this approach and see how it works out. If there is any
> other way to achieve this goal, however, I would be interested to hear.
>
> Thanks again.
>
> --Chris
A possible approach, not fully tested.
REVOKE DELETE from normal users as suggested above.
GRANT DELETE to privileged_user
Semi pseudo-code below.
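CREATE OR REPLACE FUNCTION check_delete() RETURNS TRIGGER AS
$Body$
BEGIN
    -- Ordinary user deleting a non-deduced row: switch role, then let it through
    IF current_user != 'privileged_user' AND old.deduced = 'f' THEN
        SET LOCAL ROLE 'privileged_user';
        --Do your sanity checks and create DELETE statements
        RETURN OLD;
    -- Ordinary user deleting a deduced row: returning NULL skips the delete
    ELSIF current_user != 'privileged_user' AND old.deduced = 't' THEN
        RETURN NULL;
    -- privileged_user may delete any row
    ELSIF current_user = 'privileged_user' THEN
        RETURN OLD;
    END IF;
END;
$Body$
LANGUAGE plpgsql;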
--
Adrian Klaver
aklaver(at)comcast(dot)net
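
The REVOKE plus security definer function arrangement discussed in this thread, written out as an added example that is not part of the original messages. The names my_table, id, deduced and user_delete come from the thread; the column types, the app_user role and the pinned search_path are assumptions, and only the user-facing delete path is shown.

```sql
-- Assumed schema: the thread names my_table, id and deduced; types are assumed.
CREATE TABLE my_table (
    id      integer PRIMARY KEY,
    deduced boolean NOT NULL DEFAULT false
);

-- app_user is a hypothetical role standing in for "plain users".
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT ON my_table TO app_user;
REVOKE DELETE ON my_table FROM PUBLIC, app_user;

-- SECURITY DEFINER: the body runs with the privileges of the function owner
-- (assumed to be the table owner), so it can delete on behalf of a caller
-- who holds no DELETE privilege on the table.
CREATE FUNCTION user_delete(identifier my_table.id%TYPE) RETURNS void
LANGUAGE plpgsql
SECURITY DEFINER
-- Pin name resolution so a caller cannot shadow objects through their own
-- search_path or temporary schema; the table is schema-qualified below.
SET search_path = pg_catalog, pg_temp
AS $$
BEGIN
    -- Only non-deduced rows may be removed through this entry point.
    DELETE FROM public.my_table
     WHERE id = identifier
       AND NOT deduced;
    IF NOT FOUND THEN
        RAISE EXCEPTION 'row % does not exist or is deduced', identifier;
    END IF;
END;
$$;

-- EXECUTE on a new function is granted to PUBLIC by default;
-- restrict it to the intended role.
REVOKE EXECUTE ON FUNCTION user_delete(integer) FROM PUBLIC;
GRANT  EXECUTE ON FUNCTION user_delete(integer) TO app_user;

-- Constructed usage: the call is made as app_user, which has no DELETE
-- privilege on my_table and reaches the row only through the function.
INSERT INTO my_table VALUES (1, false), (2, true);
SET ROLE app_user;
SELECT user_delete(1);
RESET ROLE;
```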