Re: Ignoring the limited user-rights by using ODBC
| От | Goeke, Tobias |
|---|---|
| Тема | Re: Ignoring the limited user-rights by using ODBC |
| Дата | |
| Msg-id | 72F45784D0E25A429B21E156EAEFE5E3E5523A@muenchen.ep.de обсуждение исходный текст |
| Ответ на | Ignoring the limited user-rights by using ODBC ("Goeke, Tobias" <TGoeke@ElectronicPartner.de>) |
| Список | pgsql-odbc |
The crux is that the \d commands in psql does not necessarily define the scope of a user's access privileges. (referring to Peter Eisentraut) So there can't exist a solution for my "problem" (better wish!) because the user must read out of the other tables in the views. I should accept it that they are shown in the choice via odbc. Thanks a lot for helping me! Tobias Goeke -----Ursprüngliche Nachricht----- Von: Marko Ristola [mailto:marko.ristola@kolumbus.fi] Gesendet: Mittwoch, 30. März 2005 20:48 An: Peter Eisentraut Cc: Goeke, Tobias; pgsql-odbc@postgresql.org Betreff: Re: [ODBC] Ignoring the limited user-rights by using ODBC I remember from some other databases, that the schema is not for security. It is for application logic: If you have marko.branch and users.branch tables, you can link to both by select * from marko.branch union select * from users.branch You can revoke rights from the tables with the following commands: revoke all from marko on marko.branch; revoke all from marko on users.branch; After these, "marko" user is not able to read, or write into the tables. You can play with the schema like this with ODBC: set search_path to marko,public; -- the new schema is "marko" select * from branch; /* points into marko.branch */ set search_path to users,public; select * from branch; /* points into users.branch */ Read or write rights (grant/revoke) for the table and visibility (naming, search path, namespace, schema) of the table name are a different thing. Marko Ristola Peter Eisentraut wrote: >Goeke, Tobias wrote: > > >>If i connect to the database via obdc with this user, all schemes are >>shown. So i am able to select all the tables and views e.g. in excel, >>although the user isn't autorized. >> >> > >It is not possible that the ODBC driver can circumvent privileges that >would otherwise apply. Please provide a detailed way to reproduce your >problem. > >Note that what the \d commands in psql show does not necessarily define >the scope of a user's access privileges. It merely shows what might be >of interest to the user. > > >
В списке pgsql-odbc по дате отправления: