Depesz asks if there are any plans for suid functions.
Much of this functionality can be implemented simply using the rule
system and rewriting the inserts that a user thinks they are making,
into what the system wants. Depesz, if you would like to contact me
directly, I will be pleased to try to help.
That said, I think the rule system is not always sufficient, and I am
looking into implementing this sort of functionality as a precursor to
being able to create Virtual Private Databasez (as Oracle like to call
them).
My current thinking is that a function should be able to run either, as
now, solely with the rights of the caller, or with the rights of the
owner of the rule that calls the function. To control which tytpe of
function we are using, I would like to add another option to the WITH
clause of the create function statement. Something like WITH
rulepermissions.
I would appreciate any feedback.
> Date: Sun, 20 Jan 2002 10:22:23 +0100
> From: hubert depesz lubaczewski <depesz@depesz.pl>
> To: pgsql-general@postgresql.org
> Subject: IDEA: "suid" functions
> Message-ID: <20020120102223.B30153@depesz.pl>
> hi
> is there any chance that there will be function with "suid"
> possibilities?
> i mean: i want to be able to:
> 1. have table a with right only to user "owner"
> 2. function setSoemthing(text) which update's table a
> 3. function setsomething is owner by user "owner", but i gave rights
> to execute it to user "miner"
> 4. user miner, despite cannot directly select * from a, can select
> setSomething('bleble'), and this will work.
> any idea on how to do so or if this will be introduced in some future
> release of PostgreSQL?
--
Marc marc@bloodnok.com
