Re: [SQL] about permissions

From: wieck(at)debis(dot)com (Jan Wieck)
To: rems(at)gdansk(dot)sprint(dot)pl (Remigiusz Sokolowski)
Cc: pgsql-sql(at)postgreSQL(dot)org
Subject: Re: [SQL] about permissions
Date: 1999-05-26 13:42:14
Message-ID: m10mdwl-000EBPC@orion.SAPserv.Hamburg.dsh.de
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-sql

Remigiusz Sokolowski wrote:

>
> hi!
> First short explanation:
> I create application in php. In scripts I need sometimes check if user has
> permissions to for example update values in some table
>
> So question:
> How should looks my queryi like?
>
> I mean something like
> select pg_class.relacl where relname='cust' and
> pg_class.relacl[2]='my_user=arwR'; (this query doesn't work)
>
> and another difficult problem:
> I don't know what place in relacl array is occupied by permissions for my
> user and of course can't check for string 'myuser=arwR' cause permissions
> could be 'arw', 'ar', 'r'.
> Naturally I can solve this by taking whole array and processing data in
> php, but
> I could be really fine to solve this inside postgres

You can compile+install PL/Tcl in your database and use the
function I've included at the end. It's usage is:

--
-- PL/Tcl function to verify if a user has specific permissions
-- on a relation.
--
-- Usage: check_permission(relname,username,perms)
--
-- perms is a string consisting of any combination of the
-- characters a,r,w and R (R means RULE permission).
--
-- Returns: true if user has ALL permissions
-- false if at least one permission is missing
--
-- Exceptions: generates an error if the relation or it's owner
-- aren't found in the system catalogs
--

The perms string can be given in any order, so 'awr' is equal
to 'raw'. It follows the PostgreSQL semantics where
superusers bypass all access restrictions, a user not
explicitly listed in the acl has the rights of the public
entry and if there is no acl at all, only the owner has full
rights.

It does NOT handle group permissions up to now. You didn't
told that you need this functionality too.

Hope that solves your problem.

Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#======================================== jwieck(at)debis(dot)com (Jan Wieck) #

In response to

Responses

Browse pgsql-sql by date

  From Date Subject
Next Message Jan Wieck 1999-05-26 13:49:58 Re: [SQL] about permissions
Previous Message Remigiusz Sokolowski 1999-05-26 12:23:38 about permissions