OK, let me think. In my situation, I'm writing an accounting app. A
typical situation would be a standard user would be able to update data
in a timesheet while an administrator would be able to approve the time
sheet. If I gave the standard user access to the timesheet header
table, they would also have access to an approval field, so I'd need
something like "column" level security. I could put in a trigger where
I check the permissions of someone attempting to set the approval
column. Yes, I think that would probably work.
I think you're correct. I can do pretty much what I want without
developing a proxy server. That's what I think I'll do, my original
plan of adding users with different roles. It still gives me the
creeps, allowing lots of people direct access to my server.
Thanks.
Bill Moran wrote:
> Furface <furface@omnicode.com> wrote:
>
>> Thanks Tom. You know I thought about this approach a little more. I
>> don't think there's a simple answer to this security problem short of
>> placing a proxy server application between the clients and the
>> database. The problem with giving database role accounts to each and
>> every user is that the users now have uncontrolled access to the
>> database.
>>
>
> Ummm ... huh?
>
> PostgreSQL has a pretty nice security model that gives you a great deal
> of control over what users have access to:
> http://www.postgresql.org/docs/8.2/static/user-manag.html
>
> The only thing that's missing is row-level granularity. There's at least
> one project out there supporting that, and you can also simulate it with
> clever usage of stored procedures and the ability to run them with the
> permissions of the definer instead of the executer.
>
> -Bill
>
>