[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postgresql-sql
Subject:    [SQL] Controlling access to Sequences
From:       Matthew Horoschun <mhoroschun () canprint ! com ! au>
Date:       2003-01-31 12:47:27
[Download RAW message or body]

Hi All,

I'm implementing a system where I need to be reasonably careful about 
security. One thing that worries me is SEQUENCES.

My understanding is that I need to GRANT the UPDATE privilege on the 
SEQUENCE if I want a user to be able to to use nextval() on it. The 
trouble is, if they can do a nextval() they can also do a setval() 
which would allow them to set the sequence to any value they felt like 
and potentially cause problems for other user's use of the SEQUENCE.

I've considered forcing the user to use the nextval() by using a RULE 
on a VIEW, but it appear as though the nextval() function still runs as 
the logged-in user not the owner of the VIEW.

Is there any effective method for controlling access to a SEQUENCE? or 
should I do something like in the view:

INSERT INTO x VALUES ( ( SELECT MAX( id ) + 1 FROM x ), some_field );

Is this safe to do? Or might this lead to undesirable problems if 
called concurrently?

Any assistance would be appreciated.

Matthew.


---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo@postgresql.org so that your
message can get through to the mailing list cleanly
[prev in list] [next in list] [prev in thread] [next in thread]