Search Postgresql Archives

Re: How restrict select on a view ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Dec 15, 2008 at 9:38 PM, Klint Gore <kgore4@xxxxxxxxxx> wrote:
> Andreas wrote:
>>
>> I'd like to have a view only to be used by certain users.
>> The tables are public.
>>
>> Can this only be done by restricting access to the tables?
>>
>
> GRANT/REVOKE works on views
> revoke all on aview from public;
> grant select on aview to user1;
>
> As Raymond pointed out, if user2 knows what the definition of aview is, they
> can just run it against the raw tables.
> e.g.
> create view aview as select * from pg_proc;
> revoke all on aview from public;
> grant select on aview to user1;
> set session authorization user2;
> select * from aview;  -- fails
> select * from pg_proc;  -- works and gives the same result

Yes, but:

* you can still \d the view (or \d equivalent in sql) which shows it's
definition
* if you can \d view, you can 'create temporary view' with the same
definition on public tables

what does this get you?

merlin

-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux