Thread: Turn around !! Permissions on FUNCTIONS

Turn around !! Permissions on FUNCTIONS

From
"Marco Tulio"
Date:
OK, the below is impossible yet...

but anyone can give-me a TURN AROUND this problem ?

Example:

I have a tb_log thats registers all DELETES over another
table. I did it using a trigger and a function, because
a simple RULE can´t do ever I need.

BUT, I don´t want the user that makes the DELETE could
make INSERTS, OR DELETES by hand over the tb_log...


Any idea ??








> Hello,
>
> I really need that my function execute SQL statments
as
> your user creator permissions (the user thats created
> the function), and NOT with users permissions that
start
> this function.
>
> Anyone could help-me, please ??
>
>
> FELIZ CARNAVAL !!!
>
>
>


__________________________________________________________________________
Quer ter seu próprio endereço na Internet?
Garanta já o seu e ainda ganhe cinco e-mails personalizados.
DomíniosBOL - http://dominios.bol.com.br



Re: Turn around !! Permissions on FUNCTIONS

From
Peter Eisentraut
Date:
Marco Tulio writes:

> OK, the below is impossible yet...
>
> but anyone can give-me a TURN AROUND this problem ?
>
> Example:
>
> I have a tb_log thats registers all DELETES over another
> table. I did it using a trigger and a function, because
> a simple RULE can´t do ever I need.
>
> BUT, I don´t want the user that makes the DELETE could
> make INSERTS, OR DELETES by hand over the tb_log...

If you want to write the trigger function in C, you can surround the
critical SQL statements (probably done via SPI interface) with calls like
this:

Oid saved = GetUserId();
SetUserId(something);
/* do work */
SetUserId(saved);

where "something" is the ID of the user you want to execute the "work"
section as.  This is effectively what would need to be done to implement
this feature for real.  Now that I see your problem I'm convinced it's
urgent and it should get done for 7.3.

--
Peter Eisentraut   peter_e@gmx.net