Discussion: Privileges and Roles
Hello,

Is it possible to do the following:
Disallow permission to write to a table (either by UPDATE or INSERT) but
allow EXECUTE permission on a Function that writes to the table ?

The reason I want to do this is so that I can perform certain checks on
the data that is being written before I allow it to be written.

Cheers
DayoJ
On Mon, Feb 27, 2006 at 12:09:48PM +0000, Dayo Johnson wrote:
> Hello,
>
> Is it possible to do the following:
> Disallow permission to write to a table (either by UPDATE or INSERT) but
> allow EXECUTE permission on a Function that writes to the table ?
>
> The reason I want to do this is so that I can perform certain checks on
> the data that is being written before I allow it to be written.

I'm no expert but check out triggers. That should allow you to whatnot the data and fail/pass the insert or update.

See: http://www.postgresql.org/docs/8.1/interactive/triggers.html

--
"To the extent that we overreact, we proffer the terrorists the greatest tribute." - High Court Judge Michael Kirby
Hi Dayo,

This is how I understand it, but I might be wrong:

I believe the user who has permission to execute the function also needs permissions to perform the table writes.

Regards
Andy

Dayo Johnson wrote:
> Hello,
>
> Is it possible to do the following:
> Disallow permission to write to a table (either by UPDATE or INSERT) but
> allow EXECUTE permission on a Function that writes to the table ?
>
> The reason I want to do this is so that I can perform certain checks on
> the data that is being written before I allow it to be written.
>
> Cheers DayoJ
Jerry Sievers wrote:
> Dayo Johnson <dayoj@cleanjohn.net> writes:
>
>> Is it possible to do the following:
>> Disallow permission to write to a table (either by UPDATE or INSERT) but
>> allow EXECUTE permission on a Function that writes to the table ?
>
> Study up on the 'security definer' option in the manual sections on
> user defined functions.
>
> HTH

Thank you, I believe that sorts me out :-)

Cheers
DayoJ
On Mon, Feb 27, 2006 at 12:09:48 +0000, Dayo Johnson <dayoj@cleanjohn.net> wrote:
> Hello,
>
> Is it possible to do the following:
> Disallow permission to write to a table (either by UPDATE or INSERT) but
> allow EXECUTE permission on a Function that writes to the table ?
>
> The reason I want to do this is so that I can perform certain checks on
> the data that is being written before I allow it to be written.

You can use SECURITY DEFINER functions to do this. Those functions run with the access rights of the function creator, rather than the executor.
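
The SECURITY DEFINER arrangement discussed in this thread, as an added example that is not part of any poster's message. It assumes a current PostgreSQL release and a superuser session; the schema `app`, table `app.payments`, roles `app_owner` and `app_writer`, and function `app.add_payment` are hypothetical names.

```sql
BEGIN;

CREATE ROLE app_owner  NOLOGIN;   -- owns the table and the function
CREATE ROLE app_writer NOLOGIN;   -- may write only through the function
CREATE SCHEMA app AUTHORIZATION app_owner;
GRANT USAGE ON SCHEMA app TO app_writer;

SET LOCAL ROLE app_owner;

CREATE TABLE app.payments (
    id     bigserial PRIMARY KEY,
    payer  text    NOT NULL,
    amount numeric NOT NULL
);
-- Read access only: no INSERT or UPDATE is ever granted to the caller.
GRANT SELECT ON app.payments TO app_writer;

CREATE FUNCTION app.add_payment(p_payer text, p_amount numeric)
RETURNS bigint
LANGUAGE plpgsql
SECURITY DEFINER                        -- runs with app_owner's rights
SET search_path = pg_catalog, pg_temp   -- caller cannot redirect name lookups
AS $$
DECLARE
    new_id bigint;
BEGIN
    -- The checks the original question wanted to enforce before any write.
    IF p_payer IS NULL OR length(trim(p_payer)) = 0 THEN
        RAISE EXCEPTION 'payer must not be empty';
    END IF;
    IF p_amount IS NULL OR p_amount <= 0 THEN
        RAISE EXCEPTION 'amount must be positive';
    END IF;
    INSERT INTO app.payments (payer, amount)
    VALUES (p_payer, p_amount)
    RETURNING id INTO new_id;
    RETURN new_id;
END;
$$;

-- Functions are executable by PUBLIC by default; narrow that to one role.
REVOKE ALL ON FUNCTION app.add_payment(text, numeric) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app.add_payment(text, numeric) TO app_writer;

SET LOCAL ROLE app_writer;
SELECT app.add_payment('alice', 10.00);   -- allowed: goes through the checks
-- A direct INSERT INTO app.payments by app_writer is rejected with
-- "permission denied for table payments".

ROLLBACK;   -- constructed demo; use COMMIT to keep the objects
```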