Hello,
I am puzzled. I have rules set up such that when a table entry is
changed or deleted, it is first copied to an archive table. This works
beautifully, and everything is fine. But _why_ does it work???
I have a group defined with permissions on a standard table (sequences
too, not included here):
grant select,insert,update,delete on TABLE to group normal;
grant select on TABLE_old to group normal;
So I thought - whoops, I have a bug, my normal user can't delete
because that requires inserting into TABLE_old, which I haven't given
them permission for. But they can! Are rules run as some other user or
what?
I created the rules when building the database as me, but I did my test
update as a "normal" user. And the permissions seem to work right for
non-rule based things - eg my read-only users can indeed only read.
An example of an update rule may be helpful here:
CREATE RULE patients_update_rule AS
ON UPDATE TO patients DO
INSERT INTO patients_old (entry, id, "timestamp",
userstamp, tid, pid, patient_info)
VALUES (old.entry, old.id, old."timestamp",
old.userstamp, old.tid, old.pid, old.patient_info);
Effects of a deletion are pretty similar, with the addition of a
"deleted" flag in the TABLE_old entry.
cheers
Cath
Cath Lawrence, Cath.Lawrence@anu.edu.au
Senior Scientific Programmer, Centre for Bioinformation Science,
John Curtin School of Medical Research (room 4088)
Australian National University, Canberra ACT 0200
ph: (02) 61257959 mobile: 0421-902694 fax: (02) 61252595
