Re: [GENERAL] Read only access, via functions only
Webb Sprague wrote: >> you can set transactions read only but the user can turn them off. Use >> views, functions and GRANT. > > Views was the key word. I had tried to do it with functions and GRANT alone. You can also do a lot with SECURITY DEFINER functions - for example, if you want to grant them the ability to make only very limited changes to the data set and want to run some checking logic before allowing the change. -- Craig Ringer -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
Re: [GENERAL] Read only access, via functions only
> you can set transactions read only but the user can turn them off. Use > views, functions and GRANT. Views was the key word. I had tried to do it with functions and GRANT alone. Thanks to the collective brain that is a listserv. -W -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
Re: [GENERAL] Read only access, via functions only
On Wed, 2008-11-05 at 15:46 -0800, Webb Sprague wrote: > Hi all > > Is there a away to set up a schema such that a certain role has (1) > read only access to (2) all the tables, but (3) must use predefined > functions to use that access? you can set transactions read only but the user can turn them off. Use views, functions and GRANT. Joshua D. Drake -- -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
Re: [GENERAL] Read only access, via functions only
On Nov 5, 2008, at 6:46 PM, Webb Sprague wrote: Hi all Is there a away to set up a schema such that a certain role has (1) read only access to (2) all the tables, but (3) must use predefined functions to use that access? Items 1 and 2 are so that the end user doesn't stomp on the data. I want item 3 in order to force the application programmers (PHP) not to craft their own select statements but to go through the API What about using views? Thoughts? I have about given up, but maybe somebody can make it easy for me. Running version 8.2.something (stupid Linux Distros) There is nothing stupid on a Linux distro (I can post code if necessary, I am just feeling a little lazy...) Don't be lazy ;) If we are lazy, you wouldn't see a reply. Ries Thanks W -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general regards, Ries van Twisk - A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
[GENERAL] Read only access, via functions only
Hi all Is there a away to set up a schema such that a certain role has (1) read only access to (2) all the tables, but (3) must use predefined functions to use that access? Items 1 and 2 are so that the end user doesn't stomp on the data. I want item 3 in order to force the application programmers (PHP) not to craft their own select statements but to go through the API Thoughts? I have about given up, but maybe somebody can make it easy for me. Running version 8.2.something (stupid Linux Distros) (I can post code if necessary, I am just feeling a little lazy...) Thanks W -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general