Re: [ADMIN] Priviliges and Roles
On Mon, Feb 27, 2006 at 12:09:48 +, Dayo Johnson <[EMAIL PROTECTED]> wrote: > Hello, > > Is it possible to do the following: > Disallow permission to write to a table (either by UPDATE or INSERT) but > allow EXECUTE permission on a Function that writes to the table ? > > The reason I want to do this is so that I can perform certain checks on > the data that is being written before I allow it to be written. You can use SECURITY DEFINER functions to do this. Those functions run with the access rights of the function creator, rather than the executor. ---(end of broadcast)--- TIP 3: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faq
Re: [ADMIN] Priviliges and Roles
Jerry Sievers wrote: Dayo Johnson <[EMAIL PROTECTED]> writes: Is it possible to do the following: Disallow permission to write to a table (either by UPDATE or INSERT) but allow EXECUTE permission on a Function that writes to the table ? Study up on the 'security definer' option in the manual sections on user defined functions. HTH Thank you, I believe that sorts me out :-) Cheers DayoJ ---(end of broadcast)--- TIP 6: explain analyze is your friend
Re: [ADMIN] Priviliges and Roles
Hi Dayo, This is how I understand it, but I might be wrong: I believe the user who is has permission to execute the function also needs permissions to perform the table writes. Regards Andy Dayo Johnson <[EMAIL PROTECTED]> wrote: > Hello, > > Is it possible to do the following: > Disallow permission to write to a table (either by UPDATE or INSERT) but > allow EXECUTE permission on a Function that writes to the table ? > > The reason I want to do this is so that I can perform certain checks on > the data that is being written before I allow it to be written. > > Cheers DayoJ > > > ---(end of broadcast)--- > TIP 2: Don't 'kill -9' the postmaster > > !DSPAM:14,4402ee2c160447970214199! > > >
Re: [ADMIN] Priviliges and Roles
On Mon, Feb 27, 2006 at 12:09:48PM +, Dayo Johnson wrote: > Hello, > > Is it possible to do the following: > Disallow permission to write to a table (either by UPDATE or INSERT) but > allow EXECUTE permission on a Function that writes to the table ? > > The reason I want to do this is so that I can perform certain checks on > the data that is being written before I allow it to be written. I'm no expert but check out triggers. That should allow you to whatnot the data and fail/pass the insert or update. See: http://www.postgresql.org/docs/8.1/interactive/triggers.html -- "To the extent that we overreact, we proffer the terrorists the greatest tribute." - High Court Judge Michael Kirby ---(end of broadcast)--- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly