Home > mailing lists

Thread: Fwd: Help using user rights

Fwd: Help using user rights

From

Valentin Militaru

Date:

07 September 2006, 11:13:44

Hello,

I have a question regarding user rights.

I have one user in postgres8.01. which connects from a webserver and inserts

some data into a table. It only has INSERT access on that table.

ON the other hand, on the same table a have an after-insert trigger which

executes a function owned by a more powerful user.

My problem is that when I try to insert some data with the webserver user,

PostgreSQL wants that user to have access to all the relations used in the

trigger function.

Is there any way to avoid granting the light user with all those rigths?

Thank you very much!

Re: Fwd: Help using user rights

From

Martijn van Oosterhout

Date:

07 September 2006, 12:21:25

On Thu, Sep 07, 2006 at 02:12:57PM +0300, Valentin Militaru wrote:
> I have one user in postgres8.01. which connects from a webserver and inserts
> some data into a table. It only has INSERT access on that table.
> ON the other hand, on the same table a have an after-insert trigger which
> executes a function owned by a more powerful user.
> My problem is that when I try to insert some data with the webserver user,
> PostgreSQL wants that user to have access to all the relations used in the
> trigger function.
>
> Is there any way to avoid granting the light user with all those rigths?

You could declare the function "SECURITY DEFINER", then it will always
have the rights of the person who created the trigger.

Have a nice day,
--
Martijn van Oosterhout   <kleptog@svana.org>   http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.

Attachment

signature.asc