Thread: grant problem

grant problem

From
Rajarshi Mukherjee
Date:
 Hello all,

 i have a function that updates a table. I gave execute grant on it to
 a particular user but no grant on the table in question.

 when logging in as that user and executing the function, i get an error
 ERROR: permission denied for relation <table_name>

 How can i ensure that any update on this table is only done through
 that function, and that the function is oublicly executable?

 Please provide suggestions.

 Thanks & Regards,
Raj.

Re: grant problem

From
Bruno Wolff III
Date:
On Tue, Mar 22, 2005 at 17:27:25 +0530,
  Rajarshi Mukherjee <mukherjee.rajarshi@gmail.com> wrote:
>  Hello all,
>
>  i have a function that updates a table. I gave execute grant on it to
>  a particular user but no grant on the table in question.
>
>  when logging in as that user and executing the function, i get an error
>  ERROR: permission denied for relation <table_name>
>
>  How can i ensure that any update on this table is only done through
>  that function, and that the function is oublicly executable?

You need to create the function with the security definer property.

>
>  Please provide suggestions.
>
>  Thanks & Regards,
> Raj.
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
>       subscribe-nomail command to majordomo@postgresql.org so that your
>       message can get through to the mailing list cleanly

Re: grant problem

From
Rajarshi Mukherjee
Date:
PLEASE GIVE ME AN EXAMPLE..


On Tue, 22 Mar 2005 06:24:58 -0600, Bruno Wolff III <bruno@wolff.to> wrote:
> On Tue, Mar 22, 2005 at 17:27:25 +0530,
>  Rajarshi Mukherjee <mukherjee.rajarshi@gmail.com> wrote:
> >  Hello all,
> >
> >  i have a function that updates a table. I gave execute grant on it to
> >  a particular user but no grant on the table in question.
> >
> >  when logging in as that user and executing the function, i get an error
> >  ERROR: permission denied for relation <table_name>
> >
> >  How can i ensure that any update on this table is only done through
> >  that function, and that the function is oublicly executable?
>
> You need to create the function with the security definer property.
>
> >
> >  Please provide suggestions.
> >
> >  Thanks & Regards,
> > Raj.
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 3: if posting/reading through Usenet, please send an appropriate
> >       subscribe-nomail command to majordomo@postgresql.org so that your
> >       message can get through to the mailing list cleanly
>

Re: grant problem

From
Richard Huxton
Date:
Rajarshi Mukherjee wrote:
>  Hello all,
>
>  i have a function that updates a table. I gave execute grant on it to
>  a particular user but no grant on the table in question.
>
>  when logging in as that user and executing the function, i get an error
>  ERROR: permission denied for relation <table_name>
>
>  How can i ensure that any update on this table is only done through
>  that function, and that the function is oublicly executable?

Check the manuals for "CREATE FUNCTION" - particularly the section on
SECURITY INVOKER vs SECURITY DEFINER

--
   Richard Huxton
   Archonet Ltd

Re: grant problem

From
John DeSoi
Date:
On Mar 22, 2005, at 7:17 AM, Rajarshi Mukherjee wrote:

> PLEASE GIVE ME AN EXAMPLE..


Just add the "SECURITY DEFINER" keyword to the function definition.

http://www.postgresql.org/docs/8.0/interactive/sql-createfunction.html

John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL


Re: grant problem

From
Bruno Wolff III
Date:
On Tue, Mar 22, 2005 at 17:47:48 +0530,
  Rajarshi Mukherjee <mukherjee.rajarshi@gmail.com> wrote:
> PLEASE GIVE ME AN EXAMPLE..

Please read the documentation of the CREATE FUNCTION command.

>
>
> On Tue, 22 Mar 2005 06:24:58 -0600, Bruno Wolff III <bruno@wolff.to> wrote:
> > On Tue, Mar 22, 2005 at 17:27:25 +0530,
> >  Rajarshi Mukherjee <mukherjee.rajarshi@gmail.com> wrote:
> > >  Hello all,
> > >
> > >  i have a function that updates a table. I gave execute grant on it to
> > >  a particular user but no grant on the table in question.
> > >
> > >  when logging in as that user and executing the function, i get an error
> > >  ERROR: permission denied for relation <table_name>
> > >
> > >  How can i ensure that any update on this table is only done through
> > >  that function, and that the function is oublicly executable?
> >
> > You need to create the function with the security definer property.
> >
> > >
> > >  Please provide suggestions.
> > >
> > >  Thanks & Regards,
> > > Raj.
> > >
> > > ---------------------------(end of broadcast)---------------------------
> > > TIP 3: if posting/reading through Usenet, please send an appropriate
> > >       subscribe-nomail command to majordomo@postgresql.org so that your
> > >       message can get through to the mailing list cleanly
> >