opportunities of inline funtions - Mailing list pgsql-admin

From Anton Maksimenkov
Subject opportunities of inline funtions
Date
Msg-id 41807310.8050009@hlebprom.ru
Whole thread Raw
List pgsql-admin
Hi.

  There was an idea to make access to the data only through the built - in
functions (on C). There is a table 't_test' which the superuser can read and
write down. There are functions of access, for example, for an insert of the
data:

PG_FUNCTION_INFO_V1(f_test);

Datum
f_test(PG_FUNCTION_ARGS)
{
         int ret, proc;
         SPI_connect();
         ret = SPI_exec("INSERT INTO t_test VALUES ('7', 'hi there')", 0);
         proc = SPI_processed;
         SPI_finish();
         return (proc);
}

  It is supposed further, that function will check the data and to carry out
something else, unimportantly. And so. It would be desirable, that this
function was carried out by the usual user, and it could work "as" superuser.
That is has executed an insert of the data. Read caution about "trojan horses"
in functions which allow the usual user to get access to the data which are
inaccessible to him. Here is how this idea I wanted to apply time in positive
sense. So I grant execute of this function to 'testo' user

=> GRANT EXECUTE ON FUNCTION f_test(INT, CHAR) TO testo;


However I receive a mistake

=> SELECT f_test('1','2');
ERROR:  t_test: permission denied

How to realize this idea?

--
engineer

pgsql-admin by date:

Previous
From: "Johnson, Heather"
Date:
Subject: Re: caching complete table for optimizing search ?
Next
From: "Andrei Bintintan"
Date:
Subject: pg_dump doesn't save correct the sequences