On May 23, 2007, at 4:44 AM, Andreas wrote:
> Right.
> It's like that. They should work on projects that only contain a
> subset e.g. of customer addresses and subsequently on the task
> related objects like orders regarding the current project.
Another thought is to make all data returned through pl/pgsql
function calls (see SECURITY DEFINER option). I think you could
revoke all access to the underlying tables.
In addition to only returning data relevant to the task, the function
could automatically limit the number of rows returned to make it more
difficult to dump large amounts of data.
John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL