Re: Disabling START TRANSACTION for a SuperUser - Mailing list pgsql-hackers
| From | Muthiah Rajan |
|---|---|
| Subject | Re: Disabling START TRANSACTION for a SuperUser |
| Date | |
| Msg-id | CADxOJh8X5omn4u+Y=PYLuupcHVFsiJphw5oOj1ueZnO4PbVu9Q@mail.gmail.com Whole thread Raw |
| In response to | Re: Disabling START TRANSACTION for a SuperUser (Craig Ringer <craig@2ndquadrant.com>) |
| List | pgsql-hackers |
<p dir="ltr">Thanks Craig,<p dir="ltr">There are a lot of details and its overwhelming.... :-) Let me digest and will postfor any help....<div class="gmail_quote">On 27-Oct-2015 7:21 PM, "Craig Ringer" <<a href="mailto:craig@2ndquadrant.com">craig@2ndquadrant.com</a>>wrote:<br type="attribution" /><blockquote class="gmail_quote"style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> On 27 October 2015 at 21:19, rajan<<a href="http:///user/SendEmail.jtp?type=node&node=5871647&i=0" link="external" rel="nofollow" target="_blank">[hiddenemail]</a>> wrote: <br />> Hey Craig, <br />> <br />> Thanks for your response. Seemslike the workaround is difficult. <br />> <br />> I am trying to understand <br />> " <br />> ExecutorStart_hookand ProcessUtility_hook <br /><br />Doing what you want will require being willing to spend a fair bitof <br />time becoming familiar with PostgreSQL's innards, writing extensions, <br />etc. It's not a simple "download,compile, run" process. You will need <br />to be confident with C programming and reading source code. <br /><br/>Here's some code that filters allowable commands. It doesn't care <br />which user id is used, but it's pretty simpleto add a check to only <br />run the filter when a particular user ID is the active user. This <br />won't do whatyou want, but serves as a rough example of how you can <br />filter statements based on the parsed statement data: <br/><br /><a href="https://github.com/2ndQuadrant/bdr/blob/bdr-plugin/next/bdr_commandfilter.c" link="external" rel="nofollow"target="_blank">https://github.com/2ndQuadrant/bdr/blob/bdr-plugin/next/bdr_commandfilter.c</a><br /><br />andalso: <br /><br /><a href="http://www.postgresql.org/docs/current/static/xfunc-c.html" link="external" rel="nofollow"target="_blank">http://www.postgresql.org/docs/current/static/xfunc-c.html</a><br /><a href="http://www.postgresql.org/docs/current/static/extend-extensions.html"link="external" rel="nofollow" target="_blank">http://www.postgresql.org/docs/current/static/extend-extensions.html</a><br/><a href="http://www.postgresql.org/docs/current/static/extend-pgxs.html"link="external" rel="nofollow" target="_blank">http://www.postgresql.org/docs/current/static/extend-pgxs.html</a><br/><br />Note that BDR's command filterdoesn't do anything to <br />insert/update/delete/select. For that you'd *also* need an <br />ExecutorStart_hook orsimilar. <br /><br />If this is going way too deep, perhaps you should post to <br />pgsql-general with a description ofthe underlying problem you are <br />trying to solve, i.e. *why* you want to be able to have a superuser <br />who canalter users but can't select, etc. What's the problem you're <br />trying to solve with this? <br /><br />-- <br /> CraigRinger <a href="http://www.2ndQuadrant.com/" link="external" rel="nofollow" target="_blank">http://www.2ndQuadrant.com/</a><br/> PostgreSQL Development, 24x7 Support, Training & Services <br /><br/><br />-- <br />Sent via pgsql-hackers mailing list (<a href="http:///user/SendEmail.jtp?type=node&node=5871647&i=1"link="external" rel="nofollow" target="_blank">[hiddenemail]</a>) <br />To make changes to your subscription: <br /><a href="http://www.postgresql.org/mailpref/pgsql-hackers"link="external" rel="nofollow" target="_blank">http://www.postgresql.org/mailpref/pgsql-hackers</a><br/><br /><br /><hr color="#cccccc" noshade size="1"/><div style="color:#444;font:12px tahoma,geneva,helvetica,arial,sans-serif"><div style="font-weight:bold">If youreply to this email, your message will be added to the discussion below:</div><a href="http://postgresql.nabble.com/Disabling-START-TRANSACTION-for-a-SuperUser-tp5871630p5871647.html" target="_blank">http://postgresql.nabble.com/Disabling-START-TRANSACTION-for-a-SuperUser-tp5871630p5871647.html</a></div><div style="color:#666;font:11pxtahoma,geneva,helvetica,arial,sans-serif;margin-top:.4em;line-height:1.5em"> To unsubscribe fromDisabling START TRANSACTION for a SuperUser, <a href="http://postgresql.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=5871630&code=dmdtb25uZXRAZ21haWwuY29tfDU4NzE2MzB8MTg2MjE3MzA5Nw==" target="_blank">clickhere</a>.<br /><a href="http://postgresql.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml" rel="nofollow"style="font:9px serif" target="_blank">NAML</a></div></blockquote></div>
pgsql-hackers by date: