On 5/5/2011 3:26 PM, Rick Genter wrote:
>
> Hm. I think the way I would handle this is to put the business logic
> for inserting/updating into the room_assignments table into one or
> more functions and have a special user that owns the tables and owns
> the functions and declare the functions to be SECURITY DEFINER. Revoke
> INSERT/UPDATE/DELETE access to the tables from all other users. Then
> you grant your regular users EXECUTE access to the functions. The
> functions run as the user that created them, so they will have direct
> INSERT/UPDATE/DELETE access to the tables while your regular users won't.
>
Thanks everyone for your advice. I think this type of approach will be
very helpful.
--
Jack Christensen
jackc@hylesanderson.edu