Thread: Best practices - permission handling

Best practices - permission handling

From
Együd Csaba
Date:
Hi All,
I'd like to ask some help on finding out which is the best way to
automatically give permissions for users to access database objects.

I try to plan a system where there are users who are sorted into groups
(mirror of the orgaization). The groups should have permissions for
functionalities (say program modules) depending on their rule in the
organization.

The program modules are based on several database objects (e.g. tables,
functions, triggers, ...), and the groups should have permissions directly
to db objects. The db objects must be linked to program modules. etc.

I thought that the simplest way is giving the permissions to the groups and
adding users to one or more group instead of giving the permissions directly
to the individual users.

I suppose that every modification on a group a whole revoke/grant resetting
must be run.


How could I make this permission handling flexible and robust. I'd like to
avoid such solutions where every user can do anything, and just the client
software hides the not permitted modules, because in this situation anyone
can start a PGAdmin III and do anything in the database. So the database
level permission handling is crutial.

Many thanks,
-- Csaba Együd

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.7.4 - Release Date: 2005.01.25.




--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.7.4 - Release Date: 2005.01.25.