Home > mailing lists

Re: Define permissions at database level - Mailing list pgsql-general

From	Richard Huxton
Subject	Re: Define permissions at database level
Date	February 18, 2010 09:05:06
Msg-id	4B7D10C2.60907@archonet.com Whole thread Raw
In response to	Define permissions at database level (dipti shah <shahdipti1980@gmail.com>)
Responses	Re: Define permissions at database level (dipti shah <shahdipti1980@gmail.com>)
List	pgsql-general

Tree view

On 18/02/10 08:53, dipti shah wrote:
> Hi,
>
> Is it possible to define the permissions at database level such that no
> users(except postgres) can execute DROP, ALTER, TRUNCATE commands directily?
> Users have to use the given stored procedures.

1. Place users into appropriate groups (makes it easier to manage
later). Note that groups and users are actually both just roles.

2. Use GRANT/REVOKE to restrict what those users can do.

3. Write your "alter table" function owned by user "postgres" and make
sure it's marked "SECURITY DEFINER".

http://www.postgresql.org/docs/8.4/static/user-manag.html
http://www.postgresql.org/docs/8.4/static/sql-createfunction.html

--
   Richard Huxton
   Archonet Ltd

pgsql-general by date:

From: Antonio Goméz Soto
Date: 18 February 2010, 09:02:16
Subject: define transaction within pg/psql. Necessary?

From: Grzegorz Jaśkiewicz
Date: 18 February 2010, 09:07:08
Subject: Re: define transaction within pg/psql. Necessary?

Re: Define permissions at database level - Mailing list pgsql-general

Previous

Next