Thread: row level grants
Is there any way to grant user access at the row level? Or maybe some way to simulate it? Alex
Alexander Cohen wrote: > Is there any way to grant user access at the row level? Or maybe some > way to simulate it? If you can write a query to will return only the rows you want the user to see, you can write a view that returns those rows and grant rights to that view. J > > Alex > > > ---------------------------(end of broadcast)--------------------------- > TIP 4: Don't 'kill -9' the postmaster -- Command Prompt, Inc., home of Mammoth PostgreSQL - S/ODBC and S/JDBC Postgresql support, programming shared hosting and dedicated hosting. +1-503-667-4564 - jd@commandprompt.com - http://www.commandprompt.com Mammoth PostgreSQL Replicator. Integrated Replication for PostgreSQL
Attachment
Alexander Cohen wrote: > Is there any way to grant user access at the row level? Or maybe some > way to simulate it? There is no built-in way to do this, at least not currently. I wrote an article that might get you going in the right direction, available here: http://www.onlamp.com/pub/a/onlamp/2004/06/28/postgresql_extensions.html The functions I refer to in the article are custom C functions -- I'll be posting the source code on my website (www.joeconway.com) sometime after OSCON is over in a few weeks. In the meantime maybe you can use the concepts as a starting point. HTH, Joe
On Thu, Jul 01, 2004 at 17:09:23 -0400, Alexander Cohen <alex@toomuchspace.com> wrote: > Is there any way to grant user access at the row level? Or maybe some > way to simulate it? You can do this with views. You need something in each row that will allow you to tell which users have access to a row and check that against current_user in the view. If there is more than one user per row, then you might need to join the table to another table that maps users to groups.
> Is there any way to grant user access at the row level? Or maybe some > way to simulate it? Think about using views. Examples are in the list archive. Karsten -- GPG key ID E4071346 @ wwwkeys.pgp.net E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346
Bruno Wolff III <bruno@wolff.to> writes:
> Alexander Cohen <alex@toomuchspace.com> wrote:
>> Is there any way to grant user access at the row level? Or maybe some
>> way to simulate it?
> You can do this with views. You need something in each row that will
> allow you to tell which users have access to a row and check that
> against current_user in the view.
There are working examples of this in the standard distribution.
Take a look at the pg_stats view and the information_schema views.
regards, tom lane