Thread: Permissions and PGSQL

Permissions and PGSQL

From: Jean-Eric Cuendet
Hi,
I use PgSql for a lot of our company's needs and I lack some features.
I would like to know if there are plans to implement:
- User permissions based on columns? (Ex: User1 has Select on Column "CompanyName"
but User2 has update on column "CompanyName" while User3 has create new row
on table).
- Permissions on create table. This is the most lacking permission problem
actually, since everyone that can log in PgSql can create tables...

Thanks for sharing ideas and ongoing work.
-jec



Re: Permissions and PGSQL

From: Christopher Kings-Lynne
> I use PgSql for a lot of our company's needs and I lack some features.
> I would like to know if there are plans to implement:
> - User permissions based on columns? (Ex: User1 has Select on Column "CompanyName"
> but User2 has update on column "CompanyName" while User3 has create new row
> on table).

These do not exist yet in pgsql.

> - Permissions on create table. This is the most lacking permission problem
> actually, since everyone that can log in PgSql can create tables...

This does exist.  The CREATE permission on schemas is what you want. 
Perhaps the CREATE permission on databases as well.  You need to revoke 
these from the public schema.  Or even just drop the public schema.

Chris
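
The revocation described in this reply, written out as an added example that is not part of the original thread. The database name `appdb` and the roles `app_owner` and `app_user` are constructed for illustration.

```sql
-- Constructed names (appdb, app_owner, app_user); run as a superuser
-- or as the owner of the database and of the public schema.

-- Stop every login role from creating tables in the public schema.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- CREATE on a database controls who may add new schemas to it.
REVOKE CREATE ON DATABASE appdb FROM PUBLIC;

-- Give table creation back only where it is intended: a dedicated
-- schema owned by one role, which other roles may use but not extend.
CREATE ROLE app_owner NOLOGIN;
CREATE ROLE app_user LOGIN;
CREATE SCHEMA app AUTHORIZATION app_owner;
GRANT USAGE ON SCHEMA app TO app_user;

-- The more drastic option mentioned in the reply:
-- DROP SCHEMA public;

-- Check the result for every role that can log in. Superusers bypass
-- privilege checks and always report true.
SELECT r.rolname,
       has_schema_privilege(r.rolname, 'public', 'CREATE')
           AS can_create_in_public,
       has_database_privilege(r.rolname, current_database(), 'CREATE')
           AS can_create_schema
FROM pg_roles AS r
WHERE r.rolcanlogin
ORDER BY r.rolname;
```

A role that still shows `true` in the first column after the revoke holds the privilege through a direct grant or a role membership rather than through PUBLIC.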


Re: Permissions and PGSQL

From: Bruno Wolff III
On Tue, Dec 16, 2003 at 13:41:32 +0500, Jean-Eric Cuendet <jean-eric.cuendet@bluewin.ch> wrote:
> Hi,
> I use PgSql for a lot of our company's needs and I lack some features.
> I would like to know if there are plans to implement:
> - User permissions based on columns? (Ex: User1 has Select on Column "CompanyName"
> but User2 has update on column "CompanyName" while User3 has create new row
> on table).

As the previous responder said, there is no standard column security.
However it should be possible to do something custom to do this
using rules and/or triggers.


Re: Permissions and PGSQL

From: Peter Eisentraut
Jean-Eric Cuendet wrote:
> - User permissions based on columns? (Ex: User1 has Select on Column
> "CompanyName" but User2 has update on column "CompanyName" while User3
> has create new row on table).

Well, I have about half a patch for column privileges lying around, but 
I've never had enough motivation to do the other, more complicated 
half...



Re: Permissions and PGSQL

From: Robert Treat
On Monday 05 January 2004 12:51, Peter Eisentraut wrote:
> Jean-Eric Cuendet wrote:
> > - User permissions based on columns? (Ex: User1 has Select on Column
> > "CompanyName" but User2 has update on column "CompanyName" while User3
> > has create new row on table).
>
> Well, I have about half a patch for column privileges lying around, but
> I've never had enough motivation to do the other, more complicated
> half...
>

Is there a TODO and TODO.detail warranted here?

Robert Treat
-- 
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL


Re: Permissions and PGSQL

From: Bruce Momjian
Robert Treat wrote:
> On Monday 05 January 2004 12:51, Peter Eisentraut wrote:
> > Jean-Eric Cuendet wrote:
> > > - User permissions based on columns? (Ex: User1 has Select on Column
> > > "CompanyName" but User2 has update on column "CompanyName" while User3
> > > has create new row on table).
> >
> > Well, I have about half a patch for column privileges lying around, but
> > I've never had enough motivation to do the other, more complicated
> > half...
> >
> 
> Is there a TODO and TODO.detail warranted here?

I thought views took care of this.  Comments?

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
 


Re: Permissions and PGSQL

From: Christopher Kings-Lynne
>>>Well, I have about half a patch for column privileges lying around, but
>>>I've never had enough motivation to do the other, more complicated
>>>half...
>>>
>>
>>Is there a TODO and TODO.detail warranted here?
> 
> 
> I thought views took care of this.  Comments?

They're needed for SQL99 anyway I think.

Chris



Re: Permissions and PGSQL

From: Tom Lane
Bruce Momjian <pgman@candle.pha.pa.us> writes:
> On Monday 05 January 2004 12:51, Peter Eisentraut wrote:
>> Jean-Eric Cuendet wrote:
>>> - User permissions based on columns?
> 
>> Well, I have about half a patch for column privileges lying around, but
>> I've never had enough motivation to do the other, more complicated
>> half...

> I thought views took care of this.  Comments?

You can do it with views, but it's tedious, and more to the point the
SQL standard says that you're supposed to be able to do it directly.
So I think this should be on TODO.  I wouldn't put a real high priority
on it personally, but it's a spec-compliance item ...
        regards, tom lane
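
The view workaround discussed in this message, applied to the User1/User2/User3 case from the original question, followed by the direct column-level form that PostgreSQL accepts from release 8.4 onward. This is an added example, not part of the thread; the table `companies`, its columns and the role names are constructed.

```sql
-- Constructed schema and roles for illustration only.
CREATE TABLE companies (
    id           serial PRIMARY KEY,
    company_name text NOT NULL,
    credit_limit numeric          -- column that must stay hidden
);
CREATE ROLE user1 LOGIN;
CREATE ROLE user2 LOGIN;
CREATE ROLE user3 LOGIN;

-- No one but the owner touches the base table unless granted below.
REVOKE ALL ON companies FROM PUBLIC;

-- View workaround: expose only the permitted columns. Access to the
-- base table is checked against the view owner, so the users need no
-- privilege on companies itself.
CREATE VIEW company_names AS
    SELECT id, company_name FROM companies;
GRANT SELECT ON company_names TO user1;
-- An UPDATE whose WHERE clause reads a column also needs SELECT on it.
GRANT SELECT, UPDATE ON company_names TO user2;
-- Releases without automatically updatable views (before 9.3) also
-- need an ON UPDATE DO INSTEAD rule on the view for user2's UPDATE.

-- User3 may add rows but not read or change existing ones.
GRANT INSERT ON companies TO user3;

-- Direct form (8.4 and later): column lists in GRANT, no view needed.
GRANT SELECT (id, company_name) ON companies TO user1;
GRANT SELECT (id), UPDATE (company_name) ON companies TO user2;

-- Verify that the hidden column stays hidden: both must be false.
SELECT has_column_privilege('user1', 'companies', 'credit_limit', 'SELECT')
           AS user1_reads_credit_limit,
       has_column_privilege('user2', 'companies', 'credit_limit', 'UPDATE')
           AS user2_updates_credit_limit;
```

With the view approach each distinct column set needs its own view, which is the tedium the message refers to; the column-list grants keep the policy on the table itself.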


Re: Permissions and PGSQL

From: Bruce Momjian
Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > On Monday 05 January 2004 12:51, Peter Eisentraut wrote:
> >> Jean-Eric Cuendet wrote:
> >>> - User permissions based on columns?
> > 
> >> Well, I have about half a patch for column privileges lying around, but
> >> I've never had enough motivation to do the other, more complicated
> >> half...
> 
> > I thought views took care of this.  Comments?
> 
> You can do it with views, but it's tedious, and more to the point the
> SQL standard says that you're supposed to be able to do it directly.
> So I think this should be on TODO.  I wouldn't put a real high priority
> on it personally, but it's a spec-compliance item ...

Added to TODO:
* Allow column-level privileges

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073