Home > mailing lists

Re: How to hide stored procedure's bodies from specific user - Mailing list pgsql-general

From	Berend Tober
Subject	Re: How to hide stored procedure's bodies from specific user
Date	February 14, 2015 16:07:57
Msg-id	54DF48A0.4060103@computer.org Whole thread Raw
In response to	Re: How to hide stored procedure's bodies from specific user (Saimon Lim <aimon.slim@gmail.com>)
Responses	Re: How to hide stored procedure's bodies from specific user (Guillaume Lelarge <guillaume@lelarge.info>)
List	pgsql-general

Tree view

Saimon Lim wrote:
> Thanks for your help
>
> I want to restrict some postgres users as much as possible and allow
> them to execute a few my own stored procedures only.

Create the function that you want restrict access to in a separate
'private' schema to which usage is not granted.

Create the functions you wish to allow access to in a schema to which
the role is granted access to.

You original question was different, i.e., you were asking about hiding
your clever algorithms from inquisitive inspection. For that, similarly
use as 'private' schema where you keep you super-secret stuff, and then
provide a sanitized interface in the 'public' schema:

CREATE OR REPLACE FUNCTION private.average(a float, b float)
  RETURNS float
  LANGUAGE sql
AS $$
    SELECT ($1 + $2)/2.;
$$;

CREATE OR REPLACE FUNCTION public.average(a float, b float)
RETURNS float
  LANGUAGE sql
as $$
    select private.average(a,b)
$$
security definer;

pgsql-general by date:

From: AI Rumman
Date: 14 February 2015, 05:42:22
Subject: increasing varchar column size is taking too much time

From: Guillaume Lelarge
Date: 14 February 2015, 17:30:16
Subject: Re: How to hide stored procedure's bodies from specific user

Re: How to hide stored procedure's bodies from specific user - Mailing list pgsql-general

Previous

Next