Markus Wagner wrote:
> Hi,
>
> one of my users wants to create functions using the C language, but pgs
> says "no permission".
>
> How can I permit the user to do this, while avoiding to give him root
> access rights?
Assuming with "root" access you mean "DB-superuser" rights.
No way!
From the C language, he has total access to the DB backend, running under the OS-side database system owners
UID. That means, he has complete OS access to the entire DB installation! He could read/write system
catalogswithout any permission checks (SPI is only for convienience, someone can use heap-am as well).
So in fact, he IS a superuser then. And that should be reflected in his rights. Giving him the right
wouldalso prevent him from doing stupid things to gain access for data he shouldn't have, possibly corrupting you
DBinstallation by accident.
If that all isn't an option for you, give him his own DB installation where he is his own superuser.
Therehe can develop those things and after code revision, you install the modules in the production system.
Jan
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#================================================== JanWieck@Yahoo.com #
