Search Postgresql Archives

Re: Define permissions at database level

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 18/02/10 08:53, dipti shah wrote:

Hi,

Is it possible to define the permissions at database level such that no
users(except postgres) can execute DROP, ALTER, TRUNCATE commands directily?
Users have to use the given stored procedures.
1. Place users into appropriate groups (makes it easier to manage later). Note that groups and users are actually both just roles. 

2. Use GRANT/REVOKE to restrict what those users can do.
3. Write your "alter table" function owned by user "postgres" and make sure it's marked "SECURITY DEFINER". 

http://www.postgresql.org/docs/8.4/static/user-manag.html
http://www.postgresql.org/docs/8.4/static/sql-createfunction.html

--
  Richard Huxton
  Archonet Ltd

--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux