Re: Permissions on Stored Procedures
| От | R D |
|---|---|
| Тема | Re: Permissions on Stored Procedures |
| Дата | |
| Msg-id | 20001227081405.45087.qmail@web10004.mail.yahoo.com обсуждение исходный текст |
| Ответ на | Permissions on Stored Procedures (jmoschet@netscape.net) |
| Список | pgsql-admin |
I hoped to see that and per database allow/deny ctreation of tables to groups/users in PostgreSQL 7.1 but as far as I know it will not be done. Rumen --- jmoschet@netscape.net wrote: > I've been searching the lists and found a similar > question but there have no > replies. > > What I would like to be able to do in Postgres is > give users/groups the > ability to execute stored procedures on a per > procedure basis. > > I am looking into the Rules system, thinking that > this is acheiveable through > the use of query rewriting, dummy tables and > _insert, _delete, _update rules. > > > I see in the internals.ps (docs directory) file > there is an example (2.5.8 / > pg 49-50) of creating a dummy table and a rule that > gets executed when > someone issues a SELECT on that dummy table. > > The rule defines the actual query which is executed, > so the *user* is none > the wiser. That's a start. > > It seems that keeping track of *dummy* tables could > get hairy and somone > cleaning up could accidentally remove a dummy table > and disable a whole mess > of things inadvertenty. > > It would appear to be possible to set ACLs on a > dummy table to only allow > certain users/groups to execute the select, insert, > update or delete on the > dummy table itself. Thereby using the built-in > postgres security to intervene > and before the rules are ever executed. > > There is an example of the use of a rule to prevent > an insert on a table that > uses a special naming convention, <tablename>_insert > that automatically gets > executed when the INSERT is issued. (and similarly > for the > <tablename>_select, <tablename>_update and > <tablename>_delete) > (PostgreSQL: Introduction and Concepts / Momjian, > pg. 149) > > Now if I'm way off and these scenarios are not > possible, it would be nice to > have ACL's on entries in the pg_proc table or an > additional entry in pg_class > for each stored proc/function (but that seems > unlikely as it seems this would > affect other parts of the postgres subsystem) and > have the 'traffic-cop' > check the permissions on the functions for us. > > Thanks. > > John Moschetto > attendee OSDN/OSDB Summit > Oct 30-31 2000 - Hayes Mansion > San Jose, California > > __________________________________________________________________ > Get your own FREE, personal Netscape Webmail account > today at > http://webmail.netscape.com/ __________________________________________________ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/
В списке pgsql-admin по дате отправления: