Re: creating variable views
From | Tom Lane |
---|---|
Subject | Re: creating variable views |
Date | |
Msg-id | 28562.994532624@sss.pgh.pa.us |
In reply to | Re: creating variable views (Dado Feigenblatt <dado@wildbrain.com>) |
List | pgsql-sql |
Dado Feigenblatt <dado@wildbrain.com> writes:
> One thing that still isn't clear for me is how to implement access level
> control on a per row basis.

The SQL GRANT/REVOKE stuff doesn't deal with anything finer-grain than tables.

The best way I know to cope with a need for row-level read access control is to create a view that shows only the records you want someone to be able to see, then grant them access to the view not the original table.

For write access control, you have a choice of putting the controls into the ON INSERT etc rules you make for the view, or attaching triggers to the underlying table and checking access permissions in the triggers. The trigger method is probably easier to deal with, but bear in mind that such triggers will fire for everyone, including people who've been granted direct access to the underlying table. This might or might not be just what you want...

regards, tom lane
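
The approach described in the message above, as an added example that is not part of the original post: a view for row-level reads plus a trigger on the underlying table for writes. The table, view, role, column and function names are hypothetical, and the syntax assumes PostgreSQL 11 or later.

```sql
-- Constructed schema; every object and role name here is hypothetical.
CREATE ROLE app_users;
CREATE TABLE documents (
    id         serial PRIMARY KEY,
    owner_name text NOT NULL DEFAULT current_user,
    body       text NOT NULL
);

-- Read control: the view shows only the caller's rows. security_barrier stops
-- user-supplied functions in a caller's WHERE clause from seeing hidden rows.
CREATE VIEW my_documents WITH (security_barrier) AS
    SELECT id, owner_name, body
    FROM documents
    WHERE owner_name = current_user;

-- Grant access to the view, not the original table.
REVOKE ALL ON documents FROM PUBLIC;
GRANT SELECT, INSERT, UPDATE, DELETE ON my_documents TO app_users;
-- nextval() is permission-checked against the caller, so inserts need this.
GRANT USAGE ON SEQUENCE documents_id_seq TO app_users;

-- Write control: a trigger on the underlying table checks row ownership.
-- It fires for everyone, including roles with direct access to the table.
CREATE FUNCTION documents_check_owner() RETURNS trigger AS $$
BEGIN
    -- UPDATE and DELETE: the existing row must belong to the caller.
    IF TG_OP IN ('UPDATE', 'DELETE')
       AND OLD.owner_name IS DISTINCT FROM current_user THEN
        RAISE EXCEPTION 'row % is not owned by %', OLD.id, current_user;
    END IF;
    -- INSERT and UPDATE: the new row may not be assigned to someone else.
    IF TG_OP IN ('INSERT', 'UPDATE')
       AND NEW.owner_name IS DISTINCT FROM current_user THEN
        RAISE EXCEPTION 'cannot store a row owned by %', NEW.owner_name;
    END IF;
    IF TG_OP = 'DELETE' THEN
        RETURN OLD;
    END IF;
    RETURN NEW;
END;
$$ LANGUAGE plpgsql;

CREATE TRIGGER documents_owner_check
    BEFORE INSERT OR UPDATE OR DELETE ON documents
    FOR EACH ROW EXECUTE FUNCTION documents_check_owner();
```

Because the trigger applies to every role, an administrator who needs to fix another user's row has to disable the trigger or act as that user, which is the trade-off the message points out.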