On 4/29/15 1:05 PM, Joshua D. Drake wrote:
>>
>> [ discussion about read-only columns ]
>
> See here
>
> GRANT { { SELECT | INSERT | UPDATE | REFERENCES } ( column_name [, ...] )
What I don't like about relying on GRANT is that the table owner gets to
bypass all that, as does a superuser. So when I'm serious about an
operation (insert, update or delete) not happening on something, I put a
trigger in place. Obviously a table owner or SU can always disable that,
but they can't do it accidentally. I would love the ability to restrict
operations both at a table and a column level.
BTW, John, you mentioned RULEs elsewhere... be very careful about using
those. They're incredibly easy to get wrong and generally not worth the
trouble.
--
Jim Nasby, Data Architect, Blue Treble Consulting
Data in Trouble? Get it in Treble! http://BlueTreble.com