OK, let me think. In my situation, I'm writing an accounting app. A
typical situation would be a standard user would be able to update data
in a timesheet while an administrator would be able to approve the time
sheet. If I gave the standard user access to the timesheet header
table, they would also have access to an approval field, so I'd need
something like "column" level security. I could put in a trigger where
I check the permissions of someone attempting to set the approval
column. Yes, I think that would probably work.
I think you're correct. I can do pretty much what I want without
developing a proxy server. That's what I think I'll do, my original
plan of adding users with different roles. It still gives me the
creeps, allowing lots of people direct access to my server.
Thanks.
Bill Moran wrote:
Furface <furface@xxxxxxxxxxxx> wrote:
Thanks Tom. You know I thought about this approach a little more. I
don't think there's a simple answer to this security problem short of
placing a proxy server application between the clients and the
database. The problem with giving database role accounts to each and
every user is that the users now have uncontrolled access to the
database.
Ummm ... huh?
PostgreSQL has a pretty nice security model that gives you a great deal
of control over what users have access to:
http://www.postgresql.org/docs/8.2/static/user-manag.html
The only thing that's missing is row-level granularity. There's at least
one project out there supporting that, and you can also simulate it with
clever usage of stored procedures and the ability to run them with the
permissions of the definer instead of the executer.
-Bill
