Home > mailing lists

Re: Define permissions at database level - Mailing list pgsql-general

From	dipti shah
Subject	Re: Define permissions at database level
Date	February 18, 2010 10:09:19
Msg-id	d5b05a951002180309w129ebf7fnda69b3bb7a0bf6b4@mail.gmail.com Whole thread Raw
In response to	Re: Define permissions at database level (Richard Huxton <dev@archonet.com>)
List	pgsql-general

Tree view

Thanks. I will do testing.

On Thu, Feb 18, 2010 at 4:29 PM, Richard Huxton <dev@archonet.com> wrote:

On 18/02/10 10:54, dipti shah wrote:
Okay then I think below works:

1. Revoke permission ALL permissions from PUBLIC on schema.

REVOKE ALL ON ALL TABLES IN SCHEMA mySchema FROM PUBLIC;

2. Give store procedure for creating table with SECURITY DEFINER marked
so that all tables owner will be "postgres" user.
3. Grant SELECT permission to required group on created table.
4. Give store procedure for droping the table with SECURITY DEFINER
marked so that droping will happen in the context of "postgres" user.

I think above will not allow anyone to create and/or drop tables directly
without using store procedures.

Please let me know if I am missing anything.

Sounds about right. Always test though.

--
Richard Huxton
Archonet Ltd

pgsql-general by date:

From: Richard Huxton
Date: 18 February 2010, 10:00:05
Subject: Re: Define permissions at database level

From: Ivan Sergio Borgonovo
Date: 18 February 2010, 13:45:25
Subject: errmsg and multi-byte strings.

Re: Define permissions at database level - Mailing list pgsql-general

Previous

Next