Обсуждение: Deny access materialzsed view

Поиск
Список
Период
Сортировка

Deny access materialzsed view

От
Düster Horst
Дата:
Hi
 
I created a materialized view to manage editings via a real postgres view. The view has some rules to deliver all inserts, updates and deletes to the underlaying table with the appropriate privileges, insert, update and delete, for members of an editing role. To avoid editings on the underlaying table I want to deny any access except select access to the table for all users. Does anyone outside has an idea how to manage the described situation?
 
I'll appreciate any hint.
 
Regards
Horst
 

------------------------------------------------

Dr. Horst Düster
Stv. Amtschef / kantonaler GIS-Koordinator

Kanton Solothurn
Bau- und Justizdepartement
Amt für Geoinformation
SO!GIS Koordination
Rötistrasse 4
CH-4501 Solothurn

Telefon ++41(0)32 627 25 32
Mobil   ++41(0)79 511 54 12
Telefax ++41(0)32 627 22 14

mailto:horst.duester@bd.so.ch
http://www.agi.so.ch

 

Re: Deny access materialzsed view

От
Szymon Guz
Дата:


On 24 November 2010 08:57, Düster Horst <Horst.Duester@bd.so.ch> wrote:
Hi
 
I created a materialized view to manage editings via a real postgres view. The view has some rules to deliver all inserts, updates and deletes to the underlaying table with the appropriate privileges, insert, update and delete, for members of an editing role. To avoid editings on the underlaying table I want to deny any access except select access to the table for all users. Does anyone outside has an idea how to manage the described situation?
 
I'll appreciate any hint.
 
Regards
Horst
 

-


Hi,
I'd use the security definer/invoker mechanism (http://www.postgresql.org/docs/9.0/interactive/sql-createfunction.html). This way you could create special user who is the owner of the rule functions, and can read/write to the table, and normal user, who cannot read/write to the table, but can run those functions.

regards
Szymon Guz 

Re: Deny access materialzsed view

От
Düster Horst
Дата:
Hi Szymon Guz 
 
Thanks a lot for your response. I think the SECURITY DEFINER doesn't solve my problem. Here an example (stupid I know but just for explanation):
 
1. I have created the view  myView (select id from myTable) with an insert rule and I have created a table myTable (id integer, time timestamp).
2. Now I add a record to myView with: insert into myView (id) values (1).
3. The insert rule adds the value of id to myTable and sets a timestamp additionally
 
My problem now is that all users which have write access to myView shoudn't have write access to myTable to avoid manipulations of myTable apart from the logic of the myView rule. In the present configuration they must have write access to myTable for inserting data at the moment. Only the db admin should have write access to myTable and nobody else. Additionally in this approach there is no function. As the result I can't use the SECURITY DEFINER statement. As I understand does the SECURITY DEFINER statement only modify the execution rights of a function.
 
Maybe you have further hints or ideas?
 
Regards
Horst

------------------------------------------------

Dr. Horst Düster
Stv. Amtschef / kantonaler GIS-Koordinator

Kanton Solothurn
Bau- und Justizdepartement
Amt für Geoinformation
SO!GIS Koordination
Rötistrasse 4
CH-4501 Solothurn

Telefon ++41(0)32 627 25 32
Mobil   ++41(0)79 511 54 12
Telefax ++41(0)32 627 22 14

mailto:horst.duester@bd.so.ch
http://www.agi.so.ch

 
-----Ursprüngliche Nachricht-----
Von: Szymon Guz [mailto:mabewlun@gmail.com]
Gesendet am: Mittwoch, 24. November 2010 09:17
An: Düster Horst
Cc: pgsql-admin
Betreff: Re: [ADMIN] Deny access materialzsed view


On 24 November 2010 08:57, Düster Horst <Horst.Duester@bd.so.ch> wrote:

Hi
I created a materialized view to manage editings via a real postgres view. The view has some rules to deliver all inserts, updates and deletes to the underlaying table with the appropriate privileges, insert, update and delete, for members of an editing role. To avoid editings on the underlaying table I want to deny any access except select access to the table for all users. Does anyone outside has an idea how to manage the described situation?
I'll appreciate any hint.
Regards
Horst

-


Hi,
I'd use the security definer/invoker mechanism (http://www.postgresql.org/docs/9.0/interactive/sql-createfunction.html). This way you could create special user who is the owner of the rule functions, and can read/write to the table, and normal user, who cannot read/write to the table, but can run those functions.

regards
Szymon Guz 

Re: Deny access materialzsed view

От
Szymon Guz
Дата:


On 24 November 2010 14:56, Düster Horst <Horst.Duester@bd.so.ch> wrote:
Hi Szymon Guz 
 
Thanks a lot for your response. I think the SECURITY DEFINER doesn't solve my problem. Here an example (stupid I know but just for explanation):
 
1. I have created the view  myView (select id from myTable) with an insert rule and I have created a table myTable (id integer, time timestamp).
2. Now I add a record to myView with: insert into myView (id) values (1).
3. The insert rule adds the value of id to myTable and sets a timestamp additionally
 
My problem now is that all users which have write access to myView shoudn't have write access to myTable to avoid manipulations of myTable apart from the logic of the myView rule. In the present configuration they must have write access to myTable for inserting data at the moment. Only the db admin should have write access to myTable and nobody else. Additionally in this approach there is no function. As the result I can't use the SECURITY DEFINER statement. As I understand does the SECURITY DEFINER statement only modify the execution rights of a function.
 
Maybe you have further hints or ideas?
 

Hi,
I don't get it fully, but I will try:

1. myView is read/write, myTable is readonly, dbadmin can write to myTable

All users can select myTable (revoke all, grant select).
DbAdmin can update/insert myTable. (grant all)
DbAdmin creates procedures executed at update/insert myView, those procedures are defined with security definer, so they can insert/update myTable.

With this configuration, a normal user can select from the view, and update it, as there will be executed procedures with the DbAdmin rights, and he can update myTable.

2. myTable is read/write for normal user

Just grant proper rights for a normal user.
    
More about granting rights you can find here: http://www.postgresql.org/docs/9.0/static/sql-grant.html

Hope that helped a little.

regards
Szymon

Re: Deny access materialzsed view

От
Düster Horst
Дата:
Hi Szymon Guz 
 
Thanks a lot for you explanations. I'll give it a try.
 
Regards
Horst
 

------------------------------------------------

Dr. Horst Düster
Stv. Amtschef / kantonaler GIS-Koordinator

Kanton Solothurn
Bau- und Justizdepartement
Amt für Geoinformation
SO!GIS Koordination
Rötistrasse 4
CH-4501 Solothurn

Telefon ++41(0)32 627 25 32
Mobil   ++41(0)79 511 54 12
Telefax ++41(0)32 627 22 14

mailto:horst.duester@bd.so.ch
http://www.agi.so.ch

 
-----Ursprüngliche Nachricht-----
Von: Szymon Guz [mailto:mabewlun@gmail.com]
Gesendet am: Mittwoch, 24. November 2010 15:26
An: Düster Horst
Cc: pgsql-admin
Betreff: Re: Re: [ADMIN] Deny access materialzsed view


On 24 November 2010 14:56, Düster Horst <Horst.Duester@bd.so.ch> wrote:

Hi Szymon Guz 
Thanks a lot for your response. I think the SECURITY DEFINER doesn't solve my problem. Here an example (stupid I know but just for explanation):
1. I have created the view  myView (select id from myTable) with an insert rule and I have created a table myTable (id integer, time timestamp).
2. Now I add a record to myView with: insert into myView (id) values (1).
3. The insert rule adds the value of id to myTable and sets a timestamp additionally
My problem now is that all users which have write access to myView shoudn't have write access to myTable to avoid manipulations of myTable apart from the logic of the myView rule. In the present configuration they must have write access to myTable for inserting data at the moment. Only the db admin should have write access to myTable and nobody else. Additionally in this approach there is no function. As the result I can't use the SECURITY DEFINER statement. As I understand does the SECURITY DEFINER statement only modify the execution rights of a function.
Maybe you have further hints or ideas?
 

Hi,
I don't get it fully, but I will try:

1. myView is read/write, myTable is readonly, dbadmin can write to myTable

All users can select myTable (revoke all, grant select).
DbAdmin can update/insert myTable. (grant all)
DbAdmin creates procedures executed at update/insert myView, those procedures are defined with security definer, so they can insert/update myTable.

With this configuration, a normal user can select from the view, and update it, as there will be executed procedures with the DbAdmin rights, and he can update myTable.

2. myTable is read/write for normal user

Just grant proper rights for a normal user.
    
More about granting rights you can find here: http://www.postgresql.org/docs/9.0/static/sql-grant.html

Hope that helped a little.

regards
Szymon