Re: Setting up a fine-grained permission system
| От | Chris Travers |
|---|---|
| Тема | Re: Setting up a fine-grained permission system |
| Дата | |
| Msg-id | 434C9BE8.6050402@travelamericas.com обсуждение исходный текст |
| Ответ на | Setting up a fine-grained permission system (David Garamond <lists@zara.6.isreserved.com>) |
| Список | pgsql-general |
Hi all. Implimenting a custom permission system is fairly easy to do with triggers, views, and rules. Here is my suggestion. Put your data tables in a shadow schema and don't give users access to them. Then create views that select the information from the tables that they have access to. denied columns could be filled in with NULLs or **** or something else. Denied rows could simply be omitted. As for updating and inserting, you can do your own permission schemes here too with triggers checking them and providing the needed logic. Best Wishes, Chris Travers Metatron Technology Consulting David Garamond wrote: >Hi, > >Our current project requires a fine-grained permission system (row-level >and possibly column-level as well). We have a pretty large (tens of >thousands) of users in the 'party' table. I'm thinking of choosing >Unix-style security for now (adding 'ugo' and 'owner' and 'group' >columns to each table which access need to be regulated), but am unsure >about the column-level permission. > >Anyone has experiences to share on a similar system/requirement? Do you >do Unix-style or ACL? Is there a possibility in the medium/far future >that Postgres will have such a fine-grained permission system. > >Regards, >Dave > >---------------------------(end of broadcast)--------------------------- >TIP 6: explain analyze is your friend > > > >
В списке pgsql-general по дате отправления: