On 4/29/15 1:05 PM, Joshua D. Drake wrote:
[ discussion about read-only columns ]See here GRANT { { SELECT | INSERT | UPDATE | REFERENCES } ( column_name [, ...] )
What I don't like about relying on GRANT is that the table owner gets to bypass all that, as does a superuser. So when I'm serious about an operation (insert, update or delete) not happening on something, I put a trigger in place. Obviously a table owner or SU can always disable that, but they can't do it accidentally. I would love the ability to restrict operations both at a table and a column level.
BTW, John, you mentioned RULEs elsewhere... be very careful about using those. They're incredibly easy to get wrong and generally not worth the trouble.
-- Jim Nasby, Data Architect, Blue Treble Consulting Data in Trouble? Get it in Treble! http://BlueTreble.com -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
