On Wed, May 24, 2000 at 12:45:59PM -0500, Travis Bauer wrote:
> One problem you may have with this is that if a function accesses some
> table, the user who uses that function must also have permissions on the
> table. I have a similar problem. I'd like to give permissions on a view,
> but not on the table underlying the view (the view serves to filter out
> some records the user shouldn't see). I can't give permission to use view
> without giving permission to use the table.
Have you tried it? This is one of the things views are for. The view
accesses it's underlying tables as the user who created the view, as far
as I recall. I, for example, have an entire database where every table
has a 'pub' boolean. I've created views that return only rows with pub =
't', and given the anonymous user (which the web server connect as)
select privileges only on the view.
idas=> select count(*) from urls;
count
-----
23
(1 row)
idas=> select count(*) from urls_p;
count
-----
23
(1 row)
idas=> select count(*) from urls;
ERROR: urls: Permission denied.
idas=> \c - anonymous
connecting as new user: anonymous
idas=> select count(*) from urls_p;
count
-----
23
(1 row)
idas=>
Ross
--
Ross J. Reedstrom, Ph.D., <reedstrm@rice.edu>
NSBRI Research Scientist/Programmer
Computer and Information Technology Institute
Rice University, 6100 S. Main St., Houston, TX 77005