Обсуждение: Can I check if somebody is superuser in stored procedure?
Hello Is there some simple possibility to check a rights from stored procedure? Regards Pavel Stehule
On Sun, Mar 27, 2011 at 03:21:18PM +0200, Pavel Stehule wrote: > Hello > > Is there some simple possibility to check a rights from stored procedure? Well, there's the catalog lookup method: SELECT EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname=$1 AND rolsuper) Is that what you had in mind? Cheers, David. -- David Fetter <david@fetter.org> http://fetter.org/ Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter Skype: davidfetter XMPP: david.fetter@gmail.com iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics Remember to vote! Consider donating to Postgres: http://www.postgresql.org/about/donate
Hello 2011/3/28 David Fetter <david@fetter.org>: > On Sun, Mar 27, 2011 at 03:21:18PM +0200, Pavel Stehule wrote: >> Hello >> >> Is there some simple possibility to check a rights from stored procedure? > > Well, there's the catalog lookup method: > > SELECT EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname=$1 AND rolsuper) > > Is that what you had in mind? I found this too, but it isn't what I searched - I searched a some exported function based on internal cache. For my purpose is this solution enough. Regards Pavel > > Cheers, > David. > -- > David Fetter <david@fetter.org> http://fetter.org/ > Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter > Skype: davidfetter XMPP: david.fetter@gmail.com > iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics > > Remember to vote! > Consider donating to Postgres: http://www.postgresql.org/about/donate >
On Mar 28, 2011, at 1:29 AM, Pavel Stehule wrote: >>> Is there some simple possibility to check a rights from stored procedure? >> >> Well, there's the catalog lookup method: >> >> SELECT EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname=$1 AND rolsuper) >> >> Is that what you had in mind? > > I found this too, but it isn't what I searched - I searched a some > exported function based on internal cache. > > For my purpose is this solution enough. Note that doesn't work if the user has superuser because it was granted via another role. -- Jim C. Nasby, Database Architect jim@nasby.net 512.569.9461 (cell) http://jim.nasby.net
On ons, 2011-04-06 at 09:51 -0500, Jim Nasby wrote: > Note that doesn't work if the user has superuser because it was granted via another role. You can only be a superuser if your own superuser bit is set. It cannot be granted via some other role. (Not sure whether that's a feature.)