Thread: security rights per database DDL/DML connect

security rights per database DDL/DML connect

From
Gabor Faludi
Date:
I've been searching the web for a solution on this but no luck .

I'm administering a webserver w/ PHP apps on . I had an idea to create an
application database and give access to certain users to maintain the data
within the database tables , but also I'd like to make sure only certain
users are able to perform DDL commands. Or simply to revoke access for
connecting to this db.

I haven't found any clues. , any help is appreciated .

many thanks,
Gabor Faludi


Re: security rights per database DDL/DML connect

From
Bruno Wolff III
Date:
On Tue, Oct 22, 2002 at 21:01:59 +0200,
  Gabor Faludi <falu@fits.hu> wrote:
> I've been searching the web for a solution on this but no luck .
>
> I'm administering a webserver w/ PHP apps on . I had an idea to create an
> application database and give access to certain users to maintain the data
> within the database tables , but also I'd like to make sure only certain
> users are able to perform DDL commands. Or simply to revoke access for
> connecting to this db.

In 7.3 you can get a pretty good handle on this. The database owner can
restrict who can create schemas and schema owners can control who can
create objects in that schema.

Re: security rights per database DDL/DML connect

From
Dan Langille
Date:
On Tue, 22 Oct 2002, Bruno Wolff III wrote:

> In 7.3 you can get a pretty good handle on this. The database owner can
> restrict who can create schemas and schema owners can control who can
> create objects in that schema.

Will I be able to give people the right to execute a function, but not
view it?


Re: security rights per database DDL/DML connect

From
Tom Lane
Date:
Dan Langille <dan@langille.org> writes:
> Will I be able to give people the right to execute a function, but not
> view it?

Write it in C.  Short of that, you're asking for unenforceable
restrictions on the ability to read pg_proc.

            regards, tom lane

Re: security rights per database DDL/DML connect

From
Dan Langille
Date:
On Wed, 23 Oct 2002, Tom Lane wrote:

> Dan Langille <dan@langille.org> writes:
> > Will I be able to give people the right to execute a function, but not
> > view it?
>
> Write it in C.  Short of that, you're asking for unenforceable
> restrictions on the ability to read pg_proc.

I like that approach.

Given that the existing functions are written in plpgsql, is there a good
guide to converting to C?


hash function

From
Rafael Mueller
Date:
anyone here know what's the hash
functions used in pgsql?

-- Rafael