Re: [GENERAL] Define permissions at database level

Richard Huxton Thu, 18 Feb 2010 02:05:35 -0800

On 18/02/10 08:53, dipti shah wrote:

Hi,


Is it possible to define the permissions at database level such that no
users(except postgres) can execute DROP, ALTER, TRUNCATE commands directily?
Users have to use the given stored procedures.

1. Place users into appropriate groups (makes it easier to managelater). Note that groups and users are actually both just roles.


2. Use GRANT/REVOKE to restrict what those users can do.

3. Write your "alter table" function owned by user "postgres" and makesure it's marked "SECURITY DEFINER".


http://www.postgresql.org/docs/8.4/static/user-manag.html
http://www.postgresql.org/docs/8.4/static/sql-createfunction.html

--
  Richard Huxton
  Archonet Ltd

--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

Re: [GENERAL] Define permissions at database level

Reply via email to