Re: audit table with permissions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Feb 28, 2018 at 2:12 PM, chris <chrisk@xxxxxxxxxxxxxxx> wrote:
I created functions and a trigger to audit tables on my database but I have a problem with permissions on the functions and function schema I created. I can grant permissions to the current user of the original table being audited but I need a way to automate grants and revokes made to the original table so that any time those change in the future I don't have to worry about updating permissions or leaving a hole in security by granting all users full permissions to the functions and function schema.

>From my understanding event triggers can't be set the grant/revoke only create, alter or drop.

Any input would really help me, I'm very fresh to writing functions and triggers.

Thanks,

Chris
 
What about 'create function ... security definer'? That will run the function with the permissions of the person who defined the function, not the person who executes the function ('security invoker'). You still have to worry about changing permissions on the table but only have to worry about how they impact the user that created the function.

Bear


[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux