Marc Munro wrote:
> Harald wants to be able to show different users different subsets of
> data, and also give them different update permissions.
>
> This is also what I want to do with a PostrgeSQL implementation of
> Virtual Private Databases. Harald, you might want to check out some of
> Oracle's documentation on this to help soldify your own ideas. Google
> should be able to help. If not contact me and I'll see what I can find
> for you.
>
> Here is a quick view of what I want to achieve:
>
> Consider a table "t_x" to which we wish to control access according to
> the value of its "name" field, and the caller's access rights.
>
> We create a view "x" on this table as follows:
>
> create view x as
> select *
> from t_x
> where i_can_see(name);
>
> The access control is now placed firmly in the hands of the i_can_see()
> function which we can make as simple or complex as we like. And we can
> play similar tricks with update, insert and delete rules.
That is a fantastic trick.
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026