Thread: grant problem
Hello all, i have a function that updates a table. I gave execute grant on it to a particular user but no grant on the table in question. when logging in as that user and executing the function, i get an error ERROR: permission denied for relation <table_name> How can i ensure that any update on this table is only done through that function, and that the function is oublicly executable? Please provide suggestions. Thanks & Regards, Raj.
On Tue, Mar 22, 2005 at 17:27:25 +0530, Rajarshi Mukherjee <mukherjee.rajarshi@gmail.com> wrote: > Hello all, > > i have a function that updates a table. I gave execute grant on it to > a particular user but no grant on the table in question. > > when logging in as that user and executing the function, i get an error > ERROR: permission denied for relation <table_name> > > How can i ensure that any update on this table is only done through > that function, and that the function is oublicly executable? You need to create the function with the security definer property. > > Please provide suggestions. > > Thanks & Regards, > Raj. > > ---------------------------(end of broadcast)--------------------------- > TIP 3: if posting/reading through Usenet, please send an appropriate > subscribe-nomail command to majordomo@postgresql.org so that your > message can get through to the mailing list cleanly
PLEASE GIVE ME AN EXAMPLE.. On Tue, 22 Mar 2005 06:24:58 -0600, Bruno Wolff III <bruno@wolff.to> wrote: > On Tue, Mar 22, 2005 at 17:27:25 +0530, > Rajarshi Mukherjee <mukherjee.rajarshi@gmail.com> wrote: > > Hello all, > > > > i have a function that updates a table. I gave execute grant on it to > > a particular user but no grant on the table in question. > > > > when logging in as that user and executing the function, i get an error > > ERROR: permission denied for relation <table_name> > > > > How can i ensure that any update on this table is only done through > > that function, and that the function is oublicly executable? > > You need to create the function with the security definer property. > > > > > Please provide suggestions. > > > > Thanks & Regards, > > Raj. > > > > ---------------------------(end of broadcast)--------------------------- > > TIP 3: if posting/reading through Usenet, please send an appropriate > > subscribe-nomail command to majordomo@postgresql.org so that your > > message can get through to the mailing list cleanly >
Rajarshi Mukherjee wrote: > Hello all, > > i have a function that updates a table. I gave execute grant on it to > a particular user but no grant on the table in question. > > when logging in as that user and executing the function, i get an error > ERROR: permission denied for relation <table_name> > > How can i ensure that any update on this table is only done through > that function, and that the function is oublicly executable? Check the manuals for "CREATE FUNCTION" - particularly the section on SECURITY INVOKER vs SECURITY DEFINER -- Richard Huxton Archonet Ltd
On Mar 22, 2005, at 7:17 AM, Rajarshi Mukherjee wrote: > PLEASE GIVE ME AN EXAMPLE.. Just add the "SECURITY DEFINER" keyword to the function definition. http://www.postgresql.org/docs/8.0/interactive/sql-createfunction.html John DeSoi, Ph.D. http://pgedit.com/ Power Tools for PostgreSQL
On Tue, Mar 22, 2005 at 17:47:48 +0530, Rajarshi Mukherjee <mukherjee.rajarshi@gmail.com> wrote: > PLEASE GIVE ME AN EXAMPLE.. Please read the documentation of the CREATE FUNCTION command. > > > On Tue, 22 Mar 2005 06:24:58 -0600, Bruno Wolff III <bruno@wolff.to> wrote: > > On Tue, Mar 22, 2005 at 17:27:25 +0530, > > Rajarshi Mukherjee <mukherjee.rajarshi@gmail.com> wrote: > > > Hello all, > > > > > > i have a function that updates a table. I gave execute grant on it to > > > a particular user but no grant on the table in question. > > > > > > when logging in as that user and executing the function, i get an error > > > ERROR: permission denied for relation <table_name> > > > > > > How can i ensure that any update on this table is only done through > > > that function, and that the function is oublicly executable? > > > > You need to create the function with the security definer property. > > > > > > > > Please provide suggestions. > > > > > > Thanks & Regards, > > > Raj. > > > > > > ---------------------------(end of broadcast)--------------------------- > > > TIP 3: if posting/reading through Usenet, please send an appropriate > > > subscribe-nomail command to majordomo@postgresql.org so that your > > > message can get through to the mailing list cleanly > >