[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postgresql-general
Subject:    [GENERAL] one more time: feature (feature status) request - function overriding table permissions
From:       Hubert depesz Lubaczewski <depesz () depesz ! pl>
Date:       2002-04-29 18:18:17
[Download RAW message or body]

hi
as you know, view permissions override table permissions.  i.e.   i  can
have users user_a and user_b;  and  table  x  with  no	permissions  for
user_b, but then create view : create view view_x as select  *	from  x;
and grant select permission on this view to user_b.  this way user_b has
no direct access to table x,  but  he  can  read  it's	content  through
premade views.

some time during last year i suggested doing  something  like  this  for
functions.  i.e.  in my example i'd like to create function  which  will
update table x, and give user_b access to execute  this  function,  thus
efectivelly allowing him to modify table x - without direct  access  for
"update table."

now, the question is:
has anything changed since then?  maybe there are this kind of	function
(i call them "suid" functions), and i'm just not aware of this fact? or
you just said "this idea is stupid, kill it".

i know that i can make workaround by making rules, but	i  see	this  as
highly unoptimal solution - a lot of things  to  be  done,  and  i  just
feel that "suid" function would be faster.

thanks for any reply with information on this. 
unfortunatelly i can not help with writing this as my knowledge of c  is
far too limited to even start looking at this.

best regards

depesz

-- 
hubert depesz lubaczewski                          http://www.depesz.pl/
------------------------------------------------------------------------
... vows are spoken to be broken ...                 [enjoy the silence]
... words are meaningless and forgettable ...             [depeche mode]

---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo@postgresql.org so that your
message can get through to the mailing list cleanly
[prev in list] [next in list] [prev in thread] [next in thread]