On 01/03/10 12:16, rawi wrote:
>
>> Not quite the way you suggest. You could build a series of views with
>> the WHERE conditions built in to them, and grant permissions on those
>> though.
>
> Thank you very much for your help.
>
> Unfortunately is this not what I hoped...
> The permissions will be granted dynamic by the application out of the
> user-records and expressed in the WHERE flags.
> I'll need another approach...
You could write a set-returning function that takes either:
1. A list of conditions
2. The text for a WHERE clause
If it gets no conditions or a blank string, it returns nothing.
You will need to create the function with SECURITY DEFINER permissions,
as a user who can read from the table. Make sure the application cannot
read from the table and has to use the function.
-- Richard Huxton Archonet Ltd