Permissions on Stored Procedures

From jmoschet@netscape.net
Subject Permissions on Stored Procedures
Msg-id 4F84075A.3A91673C.009EFA21@netscape.net
List pgsql-hackers
I've been searching the lists and found a similar question but there have been no
replies.

What I would like to be able to do in Postgres is give users/groups the
ability to execute stored procedures on a per procedure basis.

I am looking into the Rules system, thinking that this is achievable through
the use of query rewriting, dummy tables and _insert, _delete, _update rules.


I see in the internals.ps (docs directory) file there is an example (2.5.8 /
pg 49-50) of creating a dummy table and a rule that gets executed when
someone issues a SELECT on that dummy table.

The rule defines the actual query which is executed, so the *user* is none
the wiser.  That's a start.

It seems that keeping track of *dummy* tables could get hairy and someone
cleaning up could accidentally remove a dummy table and disable a whole mess
of things inadvertently.

It would appear to be possible to set ACLs on a dummy table to only allow
certain users/groups to execute the select, insert, update or delete on the
dummy table itself, thereby using the built-in postgres security to intervene
before the rules are ever executed.

There is an example of the use of a rule to prevent an insert on a table that
uses a special naming convention, <tablename>_insert that automatically gets
executed when the INSERT is issued. (and similarly for the
<tablename>_select, <tablename>_update and <tablename>_delete)
(PostgreSQL: Introduction and Concepts / Momjian, pg. 149)

Now if I'm way off and these scenarios are not possible, it would be nice to
have ACL's on entries in the pg_proc table or an additional entry in pg_class
for each stored proc/function (but that seems unlikely as it seems this would
affect other parts of the postgres subsystem) and have the 'traffic-cop'
check the permissions on the functions for us.

Thanks.

John Moschetto
attendee OSDN/OSDB Summit
Oct 30-31 2000 - Hayes Mansion
San Jose, California
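
The dummy-table approach described in the message above, as an added example that is not part of the original post: the ACL on the dummy table decides who may fire the rule, and the rule body's access to the real table is checked against the rule owner. All role, table and function names are constructed; the closing statements show the per-function ACL the message asks for, using the GRANT EXECUTE syntax that current PostgreSQL releases provide.

```sql
-- Constructed names: payroll_clerk, intern, salaries, raise_request, give_raise.
CREATE ROLE payroll_clerk NOLOGIN;
CREATE ROLE intern NOLOGIN;

CREATE TABLE salaries (emp text PRIMARY KEY, amount numeric NOT NULL);
INSERT INTO salaries VALUES ('alice', 1000);

-- Dummy table: never stores a row, exists only to carry an ACL and a rule.
CREATE TABLE raise_request (emp text, pct numeric);
COMMENT ON TABLE raise_request IS
  'Entry point for raises; dropping it removes the only permitted path';

-- The rule replaces the INSERT with the real statement. Access to salaries
-- inside the rule is checked against the rule owner, not the calling user.
CREATE RULE raise_request_insert AS ON INSERT TO raise_request
  DO INSTEAD
  UPDATE salaries SET amount = amount * (1 + NEW.pct / 100)
   WHERE emp = NEW.emp;

-- Explicit ACLs: nobody but the owner touches salaries directly,
-- and only payroll_clerk may insert into the dummy table.
REVOKE ALL ON salaries, raise_request FROM PUBLIC;
GRANT INSERT ON raise_request TO payroll_clerk;

SET ROLE payroll_clerk;
INSERT INTO raise_request VALUES ('alice', 5);   -- permitted: the rule updates salaries
RESET ROLE;

SET ROLE intern;
INSERT INTO raise_request VALUES ('alice', 50);  -- rejected: no INSERT privilege on raise_request
RESET ROLE;

-- Per-function ACL, the alternative the message wishes for. EXECUTE is
-- granted to PUBLIC by default, so revoke it in the same transaction
-- that creates the function.
BEGIN;
CREATE FUNCTION give_raise(p_emp text, p_pct numeric) RETURNS void
  LANGUAGE sql SECURITY DEFINER SET search_path = public, pg_temp
  AS $$ UPDATE salaries SET amount = amount * (1 + p_pct / 100)
         WHERE emp = p_emp $$;
REVOKE EXECUTE ON FUNCTION give_raise(text, numeric) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION give_raise(text, numeric) TO payroll_clerk;
COMMIT;
```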

