Re: Allowing update of column only from trigger - Mailing list pgsql-general

From Shawn Harrison
Subject Re: Allowing update of column only from trigger
Date
Msg-id 41FE7A77.9010807@tbc.net
Whole thread Raw
In response to Re: Allowing update of column only from trigger  ("Andrey V. Semyonov" <wilfre@mail.ru>)
List pgsql-general
Andrey V. Semyonov wrote [01/29/05 12:45 PM]:
> isn't it possible to restrict UPDATE by access rights based on the DB's
> user?
>
> Create table with owner set to the administrator of the database (NOT
> PostgreSQL SERVER!!!) and grant only the needed rights (or none of them)
> to the user from which the usual processing of the database will be
> performed. Then, create a trigger function with SECURITY DEFINER set and
> own it by the owner of the database (or other user, who's granted to
> UPDATE the table). So, if no one else is granted UPDATE on the table,
> the only UPDATE-modifiers of the table will be the owner and the trigger
> function's owner (if differs from owner).

Thank you for explaining this. I haven't done much with rights within
the database, but it seems you have explained how to do exactly what I
had been considering as the "rights"-oriented solution to my problem.

> Best regards,
>    Andrey V. Semyonov

Take care,
Shawn Harrison
--
________________
harrison@tbc.net

pgsql-general by date:

Previous
From: Shawn Harrison
Date:
Subject: Re: Allowing update of column only from trigger
Next
From: Sven Willenberger
Date:
Subject: Re: Dereferencing a 2-dimensional array in plpgsql