Re: security for row level but not based on Database user's

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Friends wrote:
Hi

I need to set security for row level but not based on Database user's
login. It should be based on the user table login. For the particular
user I need to allow only the particular records to access insert,
update delete and select.

Well, the data access stuff is all manageable via views, which is the standard way to do this.

You don't say which version of PostgreSQL you are using, but I'd be tempted just to switch to a different user after connecting and use the session_user system function to control what is visible in the view.

For example:
CREATE VIEW my_contacts AS SELECT * FROM contacts WHERE owner = session_user;

If that's not practical then you'll need to write some functions to simulate your own session_user (say application_user()). This is easiest to write in plperl/pltcl or some other interpreted language - check the list archvies for plenty of discussion.

--
  Richard Huxton
  Archonet Ltd


[Postgresql General]     [Postgresql PHP]     [PHP Users]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Yosemite]

  Powered by Linux