On Sun, Jan 28, 2007 at 01:21:09PM -0500, Bill Moran wrote:
> The only thing that's missing is row-level granularity. There's at least
> one project out there supporting that, and you can also simulate it with
> clever usage of stored procedures and the ability to run them with the
> permissions of the definer instead of the executer.
You can also use rules to protect rows. E.g.
CREATE RULE atable__lock_user_insert
AS ON INSERT TO atable
WHERE
CURRENT_USER != 'mysuper'
AND
new.username != CURRENT_USER
DO INSTEAD nothing;
CREATE RULE atable__lock_user_update
AS ON UPDATE TO atable
WHERE
CURRENT_USER != 'mysuper'
AND
old.username != CURRENT_USER
DO INSTEAD nothing;
CREATE RULE atable__lock_user_delete
AS ON DELETE TO atable
WHERE
CURRENT_USER != 'mysuper'
AND
old.username != CURRENT_USER
DO INSTEAD nothing;
--
Ron Peterson
https://www.yellowbank.com/