Re: [Extern] Re: postgres event trigger workaround
От | Julien Rouhaud |
---|---|
Тема | Re: [Extern] Re: postgres event trigger workaround |
Дата | |
Msg-id | 20220115050118.prd2kkky3ezhaozn@jrouhaud обсуждение исходный текст |
Ответ на | Re: [Extern] Re: postgres event trigger workaround (Дмитрий Иванов <firstdismay@gmail.com>) |
Ответы |
Re: [Extern] Re: postgres event trigger workaround
|
Список | pgsql-general |
Hi, On Sat, Jan 15, 2022 at 08:36:21AM +0500, Дмитрий Иванов wrote: > In my solution, all users don't need direct access to the schema because > you have to use the functional API to access it. If you can manage users > with functions, you can close the schema in the same way. > Usually the function is executed with the permissions of the calling user, > which requires permissions for all affected entities. However, if you > specify the "SECURITY DEFINER" parameter at creation, the function will be > executed with the owner's permissions. The owner of the function has no > login permissions but has permissions on the affected entities. In this way > you will close the schema from the roles that have rights to the role > management functions. Sure you can solve most problems with that. But you can't create a database (or a tablespace) from a function so this approach wouldn't cover all of OP's needs, as different approach would be needed for role and db creation.
В списке pgsql-general по дате отправления: