On Sun, Jan 28, 2007 at 01:21:09PM -0500, Bill Moran wrote: > The only thing that's missing is row-level granularity. There's at least > one project out there supporting that, and you can also simulate it with > clever usage of stored procedures and the ability to run them with the > permissions of the definer instead of the executer. You can also use rules to protect rows. E.g. CREATE RULE atable__lock_user_insert AS ON INSERT TO atable WHERE CURRENT_USER != 'mysuper' AND new.username != CURRENT_USER DO INSTEAD nothing; CREATE RULE atable__lock_user_update AS ON UPDATE TO atable WHERE CURRENT_USER != 'mysuper' AND old.username != CURRENT_USER DO INSTEAD nothing; CREATE RULE atable__lock_user_delete AS ON DELETE TO atable WHERE CURRENT_USER != 'mysuper' AND old.username != CURRENT_USER DO INSTEAD nothing; -- Ron Peterson https://www.yellowbank.com/
