Обсуждение: Rolls

Поиск
Список
Период
Сортировка

Rolls

От
Andrew Bartley
Дата:
Hi all,

I am trying to work out a way to create a roll/user that can only execute one particular function and nothing else.  The particular function has been created with "SECURITY DEFINER".

Regards

Andrew Bartley


Re: Rolls

От
Rob Sargent
Дата:

On 02/01/2018 02:22 PM, Andrew Bartley wrote:
> Hi all,
>
> I am trying to work out a way to create a roll/user that can only 
> execute one particular function and nothing else. The particular 
> function has been created with "SECURITY DEFINER".
>
> Regards
>
> Andrew Bartley
>
>
And I thought you we offering hot cinnamon buns or some such.

Re: Rolls

От
Andrew Bartley
Дата:
Sorry Roles....   


On Fri, 2 Feb 2018 at 08:29 Rob Sargent <robjsargent@gmail.com> wrote:


On 02/01/2018 02:22 PM, Andrew Bartley wrote:
> Hi all,
>
> I am trying to work out a way to create a roll/user that can only
> execute one particular function and nothing else. The particular
> function has been created with "SECURITY DEFINER".
>
> Regards
>
> Andrew Bartley
>
>
And I thought you we offering hot cinnamon buns or some such.

Re: Rolls

От
"David G. Johnston"
Дата:
On Thursday, February 1, 2018, Andrew Bartley <ambartley@gmail.com> wrote:
Hi all,

I am trying to work out a way to create a roll/user that can only execute one particular function and nothing else.  The particular function has been created with "SECURITY DEFINER".

Never tried it but "REVOKE PUBLIC FROM role" then "GRANT ... TO role" would ideally work.

Not simple since every role is a member of PUBLIC from which they all inherit useful defaults.  You can remove those defaults and the already granted privileges from PUBLIC and then add them back to some super-role group that everyone but this user belongs too.  Then only add the one grant you desire to this user.

David J.