Re: Allowing update of column only from trigger - Mailing list pgsql-general

From Andrey V. Semyonov
Subject Re: Allowing update of column only from trigger
Date
Msg-id 41FBD9AF.8090802@mail.ru
In response to Re: Allowing update of column only from trigger  (PFC <lists@boutiquenumerique.com>)
Responses Re: Allowing update of column only from trigger  (Shawn Harrison <harrison@tbc.net>)
List pgsql-general
Isn't it possible to restrict UPDATE by access rights based on the DB's
user?

Create the table with its owner set to the administrator of the database (NOT
PostgreSQL SERVER!!!) and grant only the needed rights (or none of them)
to the user from which the usual processing of the database will be
performed. Then, create a trigger function with SECURITY DEFINER set and
have it owned by the owner of the database (or another user who's granted
UPDATE on the table). So, if no one else is granted UPDATE on the table,
the only UPDATE-modifiers of the table will be the owner and the trigger
function's owner (if it differs from the owner).

Best regards,
    Andrey V. Semyonov
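
The setup described in the message above, as an added example that is not part of the original post. The roles `db_admin` and `app_user`, the schema `app`, and the tables and function are hypothetical names; pinning `search_path` on the function is an addition here, following the PostgreSQL documentation's guidance for SECURITY DEFINER functions.

```sql
-- Constructed example; every name is hypothetical. Run as a superuser
-- in a scratch database (SET ROLE below relies on that).
CREATE ROLE db_admin NOLOGIN;   -- owns the tables and the trigger function
CREATE ROLE app_user NOLOGIN;   -- does the usual day-to-day processing

CREATE SCHEMA app AUTHORIZATION db_admin;
GRANT USAGE ON SCHEMA app TO app_user;

SET ROLE db_admin;

CREATE TABLE app.account (
    id      integer PRIMARY KEY,
    balance numeric NOT NULL DEFAULT 0
);
CREATE TABLE app.ledger (
    account_id integer NOT NULL,
    amount     numeric NOT NULL
);

-- app_user may read balances and append ledger rows,
-- but is never granted UPDATE on app.account.
GRANT SELECT ON app.account TO app_user;
GRANT INSERT ON app.ledger  TO app_user;

-- SECURITY DEFINER: the body runs with the rights of the function owner
-- (db_admin), not of the role whose INSERT fired the trigger.
-- search_path is pinned so objects in a caller-writable schema cannot
-- shadow the ones referenced in the body.
CREATE FUNCTION app.apply_ledger() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = app, pg_temp
AS $$
BEGIN
    UPDATE app.account
       SET balance = balance + NEW.amount
     WHERE id = NEW.account_id;
    RETURN NEW;
END;
$$;

CREATE TRIGGER ledger_apply AFTER INSERT ON app.ledger
    FOR EACH ROW EXECUTE PROCEDURE app.apply_ledger();

INSERT INTO app.account (id) VALUES (1);
RESET ROLE;

-- Check the privilege boundary from the unprivileged side.
SET ROLE app_user;
INSERT INTO app.ledger VALUES (1, 25);                  -- trigger updates the balance as db_admin
UPDATE app.account SET balance = 1000000 WHERE id = 1;  -- rejected: app_user holds no UPDATE privilege
RESET ROLE;
```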
