Hi.
There was an idea to make access to the data only through the built - in
functions (on C). There is a table 't_test' which the superuser can read and
write down. There are functions of access, for example, for an insert of the
data:
PG_FUNCTION_INFO_V1(f_test);
Datum
f_test(PG_FUNCTION_ARGS)
{
int ret, proc;
SPI_connect();
ret = SPI_exec("INSERT INTO t_test VALUES ('7', 'hi there')", 0);
proc = SPI_processed;
SPI_finish();
return (proc);
}
It is supposed further, that function will check the data and to carry out
something else, unimportantly. And so. It would be desirable, that this
function was carried out by the usual user, and it could work "as" superuser.
That is has executed an insert of the data. Read caution about "trojan horses"
in functions which allow the usual user to get access to the data which are
inaccessible to him. Here is how this idea I wanted to apply time in positive
sense. So I grant execute of this function to 'testo' user
=> GRANT EXECUTE ON FUNCTION f_test(INT, CHAR) TO testo;
However I receive a mistake
=> SELECT f_test('1','2');
ERROR: t_test: permission denied
How to realize this idea?
--
engineer