Best practices - permission handling - Mailing list pgsql-general

From Együd Csaba
Subject Best practices - permission handling
Date
Msg-id 0IAX008SXJWUE5@mail.vnet.hu
Whole thread Raw
List pgsql-general
Hi All,
I'd like to ask some help on finding out which is the best way to
automatically give permissions for users to access database objects.

I try to plan a system where there are users who are sorted into groups
(mirror of the orgaization). The groups should have permissions for
functionalities (say program modules) depending on their rule in the
organization.

The program modules are based on several database objects (e.g. tables,
functions, triggers, ...), and the groups should have permissions directly
to db objects. The db objects must be linked to program modules. etc.

I thought that the simplest way is giving the permissions to the groups and
adding users to one or more group instead of giving the permissions directly
to the individual users.

I suppose that every modification on a group a whole revoke/grant resetting
must be run.


How could I make this permission handling flexible and robust. I'd like to
avoid such solutions where every user can do anything, and just the client
software hides the not permitted modules, because in this situation anyone
can start a PGAdmin III and do anything in the database. So the database
level permission handling is crutial.

Many thanks,
-- Csaba Együd

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.7.4 - Release Date: 2005.01.25.




--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.7.4 - Release Date: 2005.01.25.


pgsql-general by date:

Previous
From: "Danny Lu"
Date:
Subject: how come I get this error message when I try to connect to Postgresql
Next
From: Sibtay Abbas
Date:
Subject: Re: Problem with NOT IN and Sub-Select