different security levels for each user, (ex. Jane security 1000, Bill 2000, Joe 3000). Then, if I only want X user with security 1000 to view Y row, I set Y.security to 1000.
Then, I give these users no access to the table, and create views for EACH user saying something to the effect of "select * from z where security=securitylevel", and grant access to the views only to the user itself.
Couldn't a user then go into the console themselves and create a view giving them full access to the table?
Or, maybe I'm way off on this whole thing
On Jan 26, 2004, at 1:06 PM, Bruno Wolff III wrote:
On Mon, Jan 26, 2004 at 12:45:40 -0800, James Taylor <[EMAIL PROTECTED]> wrote:I'm migrating an Oracle 9 database over to Postgres 7.3.4, and just ran
into something I've never seen before (honestly, due to my lack of
experience in Oracle) and was curious if
Postgres supported anything similar. The DBA that set up Oracle
appears to have enabled Oracle Label Security, which looks as though it
offers per-row security levels. So, say we have the table
'test', user 'Nancy' does a "select * from test" and only will be
shown rows she has permission to. Joe will get the same, and the
superuser can see everything. Does Postgres offer anything like this,
maybe even through third party software
You can do this with views, but there isn't a turn key set up to do this.
You can give someone access to a view without giving them direct access
to underlying tables. A view can check the current username versus
some data in the table being displayed (perhaps joined with some other
tables that keep track of group membership).
---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster
