Обсуждение: audit table with permissions
I created functions and a trigger to audit tables on my database but I have a problem with permissions on the functions and function schema I created. I can grant permissions to the current user of the original table being audited but I need a way to automate grants and revokes made to the original table so that any time those change in the future I don't have to worry about updating permissions or leaving a hole in security by granting all users full permissions to the functions and function schema. From my understanding event triggers can't be set the grant/revoke only create, alter or drop. Any input would really help me, I'm very fresh to writing functions and triggers. Thanks, Chris
I created functions and a trigger to audit tables on my database but I have a problem with permissions on the functions and function schema I created. I can grant permissions to the current user of the original table being audited but I need a way to automate grants and revokes made to the original table so that any time those change in the future I don't have to worry about updating permissions or leaving a hole in security by granting all users full permissions to the functions and function schema.
From my understanding event triggers can't be set the grant/revoke only create, alter or drop.
Any input would really help me, I'm very fresh to writing functions and triggers.
Thanks,
Chris
What about 'create function ... security definer'? That will run the function with the permissions of the person who defined the function, not the person who executes the function ('security invoker'). You still have to worry about changing permissions on the table but only have to worry about how they impact the user that created the function.
Bear