| From: | wieck(at)debis(dot)com (Jan Wieck) |
|---|---|
| To: | stevew(at)bigeric(dot)force9(dot)co(dot)uk (stevew) |
| Cc: | pgsql-sql(at)postgreSQL(dot)org |
| Subject: | Re: [SQL] Function security? |
| Date: | 1999-06-16 10:50:43 |
| Message-ID: | m10uDHH-0003kLC@orion.SAPserv.Hamburg.dsh.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
>
> I wish to control access to some tables, so I do not want to grant
> select to all users. Instead I would like to use some functions which
> return the info.
>
> So I have some tables owned by admin
> I have a user who does not have select permission on the tables owned by
> admin.
> admin has created some functions which perform some selects on admin's
> tables.
> When user runs these functions, user gets permission denied.
>
> Is there a way to let the user be admin when running the functions ????
>
> You can do this with Oracle.
PostgreSQL doesn't support this kind of SETUID for functions
or trigger procedures up to now (there are plans to do so but
it didn't make it for v6.5).
You could use a view instead, which presents the data you
want to make accessible, and grant the required permissions
on the view. The view should not contain any function calls
that internally do their own queries (usually over SPI)
because these function internal queries are again executed
under the current users permissions and would probably fail.
Jan
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#========================================= wieck(at)debis(dot)com (Jan Wieck) #
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jan Wieck | 1999-06-16 10:55:37 | Re: [SQL] example of trigger to track DB changes |
| Previous Message | Vince Vielhaber | 1999-06-16 10:48:45 | Re: [HACKERS] Postgres mailing lists |