Re: security permissions for functions
От | Ted Byers |
---|---|
Тема | Re: security permissions for functions |
Дата | |
Msg-id | 0a5501c7620a$6a858a00$6401a8c0@RnDworkstation обсуждение исходный текст |
Ответ на | security permissions for functions (Rikard Pavelic <rikard.pavelic@zg.htnet.hr>) |
Ответы |
Re: security permissions for functions
|
Список | pgsql-general |
> > Functions are controlled by the same ACL mechanism that tables and > everything > else follows. Thus you have the idea of "user id X may do Y with object > Z" > i.e. "user "barbara" may "execute" function "somefunction()". > > But there's no real way to alter those permissions outside of changing the > user ID context. > So, I should be able to have "user "barbara" "execute" function "somefunction()", but, though barbara must not have access of object alpha lets say for data security reasons (and user sarah does), I could have function somefunction invoke another function that stores information about barbara's action to object alpha by changing user context temporarily and without barbara's knowledge; basically saying within function "somefunction()" something like "execute function 'someotherfunction()' impersonating sarah and stop impersonating sarah once someotherfunction returns. Much like the way I can log in to Windows or Linux as one user and temporarily impersonate another while executing a particular program or administrative function (e,g, log into Linux as a mere mortal, start a bash shell providing credentials for an admin account, do my admin type stuff and then close the shell). Or have I misunderstood you here WRT user ID context? Ted
В списке pgsql-general по дате отправления: