Thread: User Permissions

User Permissions

From
Braum Meakes
Date:
Hello,

I have a function that I've written in plpgsql.  In it I lock a table 
before selecting a value and, depending on the value, either update the 
record selected or insert a new one.  It works perfectly when I run it as a 
super-user or as the owner of the table.  However, as a standard user I am 
unable to lock the table.  How do I either run the function at the owners 
level, or change the permissions on the table to allow the user to lock it?

I am unable to lock the table as a standard user at any time, not just when 
running the function.

Thanks in advance,

Braum Meakes



Re: User Permissions

From
"SHELTON,MICHAEL (Non-HP-Boise,ex1)"
Date:
I don't have an answer for your issue, just a question on your process:

Why do you lock the table instead of using a transaction?  The transaction
would prevent the data from changing until you either applied your changes
(insert or update) and commited the transaction or rolled back the
transaction (due to an error or something).

Mike

-----Original Message-----
From: Braum Meakes [mailto:braum@telus.net]
Sent: Thursday, January 17, 2002 3:28 PM
To: pgsql-sql@postgresql.org
Subject: [SQL] User Permissions


Hello,

I have a function that I've written in plpgsql.  In it I lock a table 
before selecting a value and, depending on the value, either update the 
record selected or insert a new one.  It works perfectly when I run it as a 
super-user or as the owner of the table.  However, as a standard user I am 
unable to lock the table.  How do I either run the function at the owners 
level, or change the permissions on the table to allow the user to lock it?

I am unable to lock the table as a standard user at any time, not just when 
running the function.

Thanks in advance,

Braum Meakes


---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command   (send "unregister YourEmailAddressHere" to
majordomo@postgresql.org)


Re: User Permissions

From
Braum Meakes
Date:
That's got it.  Thanks!

At 06:12 PM 17/01/02 -0500, you wrote:
>Braum Meakes writes:
>
> > I have a function that I've written in plpgsql.  In it I lock a table
> > before selecting a value and, depending on the value, either update the
> > record selected or insert a new one.  It works perfectly when I run it as a
> > super-user or as the owner of the table.  However, as a standard user I am
> > unable to lock the table.  How do I either run the function at the owners
> > level, or change the permissions on the table to allow the user to lock it?
>
>Depending on what lock method you chose, you probably need to have UPDATE
>permission on the table.  So, as the owner of the table, execute
>
>GRANT UPDATE ON tablename TO yourusername;
>
>For even higher lock-levels you need to be the table owner, but you
>probably don't want to use those anyway.
>
>--
>Peter Eisentraut   peter_e@gmx.net




Re: User Permissions

From
Peter Eisentraut
Date:
Braum Meakes writes:

> I have a function that I've written in plpgsql.  In it I lock a table
> before selecting a value and, depending on the value, either update the
> record selected or insert a new one.  It works perfectly when I run it as a
> super-user or as the owner of the table.  However, as a standard user I am
> unable to lock the table.  How do I either run the function at the owners
> level, or change the permissions on the table to allow the user to lock it?

Depending on what lock method you chose, you probably need to have UPDATE
permission on the table.  So, as the owner of the table, execute

GRANT UPDATE ON tablename TO yourusername;

For even higher lock-levels you need to be the table owner, but you
probably don't want to use those anyway.

-- 
Peter Eisentraut   peter_e@gmx.net



Re: User Permissions

From
chester c young
Date:
I thought SQL standard was that a function got its permissions from its
owner, not its executer.

cc young


__________________________________________________
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/


Re: User Permissions

From
Tom Lane
Date:
Braum Meakes <braum@telus.net> writes:
> I have a function that I've written in plpgsql.  In it I lock a table 
> before selecting a value and, depending on the value, either update the 
> record selected or insert a new one.  It works perfectly when I run it as a 
> super-user or as the owner of the table.  However, as a standard user I am 
> unable to lock the table.

[ eyeballs code ]  LOCK ... IN ACCESS SHARE MODE (ie, read lock)
requires SELECT privileges; all stronger forms of LOCK require UPDATE
and/or DELETE privileges.  This seems to be undocumented :-(.  Am
fixing the LOCK reference page now.

Per subsequent discussion, it's not real clear that you need LOCK at
all ... but the docs need to explain the privilege rules, since they're
not exactly obvious.
        regards, tom lane


Re: User Permissions

From
Peter Eisentraut
Date:
chester c young writes:

> I thought SQL standard was that a function got its permissions from its
> owner, not its executer.

Functions can be defined both ways (at least in SQL).  The default is
implementation-defined.

-- 
Peter Eisentraut   peter_e@gmx.net



Re: User Permissions

From
Jan Wieck
Date:
SHELTON,MICHAEL (Non-HP-Boise,ex1) wrote:
> I don't have an answer for your issue, just a question on your process:
>
> Why do you lock the table instead of using a transaction?  The transaction
> would prevent the data from changing until you either applied your changes
> (insert or update) and commited the transaction or rolled back the
> transaction (due to an error or something).
   He  is  most  probably doing so to achieve the every so often   desired IF_EXISTS_UPDATE_ELSE_INSERT functionality.
   A function in PostgreSQL is allways guaranteed to be  covered   by  a  transaction.  But that doesn't matter. If you
selecta   key for update and based on if you found it decide to  update   or insert, you have a possible race
condition.
   Doing
       SELECT x FROM y WHERE z = 666 FOR UPDATE
   will  succeed in multiple transactions simultaneously as long   as there is no row with z = 666. So the entire  code
section   of  checking  if the key exists until update or insert has to   be covered by a mutex, and there is no other
mutex mechanism   available than a table lock.
 
   Even  if  it's  not  standard,  I  would be for a proprietary   extension that actually implements some  sort  of
mutex for   stored procedures.
 


Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#================================================== JanWieck@Yahoo.com #



_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com