Re: Securing records using linux grou permissions
| От | Luca Ferrari |
|---|---|
| Тема | Re: Securing records using linux grou permissions |
| Дата | |
| Msg-id | CAKoxK+6Dg_K9yQ4x0Fk_JdVD5N3R9tLm6XBHSfp4=q-EWgpPUA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Securing records using linux grou permissions (David Gauthier <davegauthierpg@gmail.com>) |
| Список | pgsql-general |
On Tue, Oct 15, 2019 at 6:07 PM David Gauthier <davegauthierpg@gmail.com> wrote: > Users are going to be working with data through perl/DBI scripts which currently connect using a generic role with hardcodedpassword in the connect string. Access will be select/insert/update/delete We need to tighten up security as describedabove. I would apply row level security, as already pointed out. Then, in my Perl scripts, I will force a SET ROLE depending on the operating system group/user. In such case, you can have still a "generic" user to use as connection/login, then change the set of permissions on the fly as connected. Of course, row level security must be applied against current_role and not session_user. I would not say this is a robust approach, but can do what you want (assuming you don't have to change thousands of Perl scripts). Hope it helps. Luca
В списке pgsql-general по дате отправления: