Thread: How to prevent users from doing manually what my trigger should do for them?
How to prevent users from doing manually what my trigger should do for them?
From
thomharp@charter.net (Thom Harp)
Date:
I have a trigger which inserts a row into a table (table A) based on what a user inserts into a different table (table B). To allow this, the user needs insert permission for table A in order for the trigger to run. Is there a way I can restrict this so the user only has permission to insert via the trigger and not manually? I can't trust my users to insert correct values into table A by themselves but I need them to be able to run the trigger.
Re: How to prevent users from doing manually what my trigger should do for them?
From
greg@turnstep.com
Date:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > I have a trigger which inserts a row into a table (table A) based on > what a user inserts into a different table (table B). To allow this, > the user needs insert permission for table A in order for the trigger > to run. Is there a way I can restrict this so the user only has > permission to insert via the trigger and not manually? I can't trust > my users to insert correct values into table A by themselves but I > need them to be able to run the trigger. Create another user which has insert permissions on table B. Have this user create a (trigger) function that inserts into table B, and make sure the function is marked as EXTERNAL SECURITY DEFINER. Set this function as a trigger on table A, and your users should only be able to insert into table B through the trigger. - -- Greg Sabino Mullane greg@turnstep.com PGP Key: 0x14964AC8 200303261036 -----BEGIN PGP SIGNATURE----- Comment: http://www.turnstep.com/pgp.html iD8DBQE+gcq7vJuQZxSWSsgRAiqgAKCeA9f6mCKFw8M3itKty3q9LjmocQCgqzOt hPJTbbCOTqbe61Kip8esmWA= =8eCk -----END PGP SIGNATURE-----