From: | "Samuel Greenfeld" <gree3776(at)rowan(dot)edu> |
---|---|
To: | "<"<pgsql-admin(at)postgresql(dot)org> |
Subject: | Controlling user table creation |
Date: | 2001-01-28 20:23:03 |
Message-ID: | sa74396f.040@groupwise.rowan.edu |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
( I know this is slightly OT, but since I am not a highly active SQL developer, please bear with me.)
Watching this list, I have noticed several people mutter about the fact that any user with access to a database can create a table in it. I do not know if this would work, but I would like to propose a possible workaround. Use this information at your own risk; I do not know if this would work, cause more damage than good, etc.
While I am no means an SQL wizard, one of the things I know postgres supports is the ability to create rules. At least under 7.0.2, it seems that rules can be applied to a system table, such as pg_tables. Now, I don't know if SQL rules can do things a user normally could not do. But given that I could create a rule on a pg_tables, one wonders if such a rule could be used to keep users from making tables.
The rule would go something like this (more pseudo-code than SQL code):
ON INSERT pg_tables WHERE (current_user not a superuser) AND (current_user not in allowed_tablecreator_list) DO DROP (last_table added to pg_tables);
This might not exactly work, as pg_tables might not be the last thing to know about a table being added. This also might not work if the rule is executed before pg_tables gets modified, or if rules can not modify system tables (I only tried a "DO NOTHING"). If a rule is the first thing that learns about a table operation, DO INSTEAD NOTHING might work, even in the case where a user can not modify the system tables.
Historically, I have not used rules with any of my SQL databases, so I do not know if this would work. But any insight as to what can/can not be done in this area would be useful.
Sincerely,
Samuel Greenfeld
From | Date | Subject | |
---|---|---|---|
Next Message | Bogdan Paduraru | 2001-01-28 20:41:20 | Tuple problem |
Previous Message | Max Pyziur | 2001-01-28 19:43:06 | Re: RedHat RPM install errors - advice needed |