[9.5] question about row level security
От | Andreas Kretschmer |
---|---|
Тема | [9.5] question about row level security |
Дата | |
Msg-id | 20150715075529.GA15156@tux обсуждение исходный текст |
Ответы |
Re: [9.5] question about row level security
|
Список | pgsql-general |
Hello @ll, how can i define a policy to prevent update a single field but enable update other fields in a row? For instance, a staff member table. the boss should be able to change all fields but not a specific field in all rows, but should be able to update this field for his own row. id | name | boss |col1 | col_privat -------------------------------- 1 | boss | boss | 10 | boss privat 2 | joe | boss | 20 | joe privat 3 | sue | boss | 30 | sue privat boss should be able to edit all except col_privat for id=2 and 3, but he should be able update this column for id=1. Therefore i can't revoce the update-priv for this column. create policy enable_boss on <table> for update using (boss=current_user) with check (???) Is there a way to access old.* and new.* like within a trigger? (something like with check(old.col_privat=new.col_privat)) Andreas -- Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect. (Linus Torvalds) "If I was god, I would recompile penguin with --enable-fly." (unknown) Kaufbach, Saxony, Germany, Europe. N 51.05082°, E 13.56889°
В списке pgsql-general по дате отправления: