Re: Disabling START TRANSACTION for a SuperUser

Thanks Craig,

There are a lot of details and its overwhelming.... :-) Let me digest and
will post for any help....
On 27-Oct-2015 7:21 PM, "Craig Ringer" <craig(at)2ndquadrant(dot)com> wrote:

> On 27 October 2015 at 21:19, rajan <[hidden email]
> <http:///user/SendEmail.jtp?type=node&node=5871647&i=0>> wrote:
> > Hey Craig,
> >
> > Thanks for your response. Seems like the workaround is difficult.
> >
> > I am trying to understand
> > "
> > ExecutorStart_hook and ProcessUtility_hook
>
> Doing what you want will require being willing to spend a fair bit of
> time becoming familiar with PostgreSQL's innards, writing extensions,
> etc. It's not a simple "download, compile, run" process. You will need
> to be confident with C programming and reading source code.
>
> Here's some code that filters allowable commands. It doesn't care
> which user id is used, but it's pretty simple to add a check to only
> run the filter when a particular user ID is the active user. This
> won't do what you want, but serves as a rough example of how you can
> filter statements based on the parsed statement data:
>
> https://github.com/2ndQuadrant/bdr/blob/bdr-plugin/next/bdr_commandfilter.c
>
> and also:
>
> http://www.postgresql.org/docs/current/static/xfunc-c.html
> http://www.postgresql.org/docs/current/static/extend-extensions.html
> http://www.postgresql.org/docs/current/static/extend-pgxs.html
>
> Note that BDR's command filter doesn't do anything to
> insert/update/delete/select. For that you'd *also* need an
> ExecutorStart_hook or similar.
>
> If this is going way too deep, perhaps you should post to
> pgsql-general with a description of the underlying problem you are
> trying to solve, i.e. *why* you want to be able to have a superuser
> who can alter users but can't select, etc. What's the problem you're
> trying to solve with this?
>
> --
> Craig Ringer http://www.2ndQuadrant.com/
> PostgreSQL Development, 24x7 Support, Training & Services
>
>
> --
> Sent via pgsql-hackers mailing list ([hidden email]
> <http:///user/SendEmail.jtp?type=node&node=5871647&i=1>)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-hackers
>
>
> ------------------------------
> If you reply to this email, your message will be added to the discussion
> below:
>
> http://postgresql.nabble.com/Disabling-START-TRANSACTION-for-a-SuperUser-tp5871630p5871647.html
> To unsubscribe from Disabling START TRANSACTION for a SuperUser, click
> here
> <http://postgresql.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=5871630&code=dmdtb25uZXRAZ21haWwuY29tfDU4NzE2MzB8MTg2MjE3MzA5Nw==>
> .
> NAML
> <http://postgresql.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>