security via views
This is a discussion on security via views within the pgsql Admins forums, part of the PostgreSQL category; --> Hi folks, we've got a larger project with several subsystems, which should run in their own security context / ...
| |||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-10-2008, 01:46 AM
| ||||
| ||||
 security via views Hi folks, we've got a larger project with several subsystems, which should run in their own security context / users. Most of the database access works over views and functions. For functions its possible to run them with separate privileges than the calling user. But is this also possible with views ? I've noticed that for views also GRANT is necessary (AFAIK a view is nothing else than a table with appropriate RULEs). Does it work to grant some user access to his own view, but not to the tables where the view works on ? thx -- --------------------------------------------------------------------- Enrico Weigelt == metux IT service phone: +49 36207 519931 www: http://www.metux.de/ fax: +49 36207 519932 email: contact@metux.de cellphone: +49 174 7066481 --------------------------------------------------------------------- -- DSL ab 0 Euro. -- statische IP -- UUCP -- Hosting -- Webshops -- --------------------------------------------------------------------- ---------------------------(end of broadcast)--------------------------- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)      |
|
04-10-2008, 01:46 AM
| |||
| |||
| Re: security via views Hello, yes this works. Just drop the rights on the table and grand the rights on the view. Peter Am Mittwoch, 27. April 2005 17:52 schrieb Enrico Weigelt: > Hi folks, > > we've got a larger project with several subsystems, which should > run in their own security context / users. > > Most of the database access works over views and functions. > For functions its possible to run them with separate privileges > than the calling user. But is this also possible with views ? > I've noticed that for views also GRANT is necessary (AFAIK a > view is nothing else than a table with appropriate RULEs). > Does it work to grant some user access to his own view, but > not to the tables where the view works on ? > > > thx ---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster |
|
04-10-2008, 01:46 AM
| ||||
| ||||
| Re: security via views Enrico Weigelt <weigelt@metux.de> writes: > Most of the database access works over views and functions. > For functions its possible to run them with separate privileges > than the calling user. But is this also possible with views ? > I've noticed that for views also GRANT is necessary (AFAIK a > view is nothing else than a table with appropriate RULEs). You have noticed incorrectly. A view's references to other tables are privilege-checked with respect to the owner of the view. regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster |
Linear Mode
