Re: [GENERAL] Hot to restrict access to subset of data

2005-07-19 Thread Samuel Thoraval
Tom Lane wrote: Samuel Thoraval <[EMAIL PROTECTED]> writes: I have been trying this example not executing the GRANT UPDATE statement at first to check that user b doesn't have the right to update. The problem is that even though B was not granted the update privilege, it w

Re: [GENERAL] Hot to restrict access to subset of data

2005-07-19 Thread Tom Lane
Samuel Thoraval <[EMAIL PROTECTED]> writes: > I have been trying this example not executing the GRANT UPDATE statement > at first to check that user b doesn't have the right to update. The > problem is that even though B was not granted the update privilege, it > worked anyway. In other words, s

Re: [GENERAL] Hot to restrict access to subset of data

2005-07-19 Thread Samuel Thoraval
I have been trying to use views to restrict access to a subset of data as stated: Using Andrus's example for user B with document in public schema: REVOKE ALL FROM public.document; CREATE SCHEMA b AUTHORIZATION b; CREATE VIEW b.document AS SELECT * FROM public.document WHERE DocumentType

Re: [GENERAL] Hot to restrict access to subset of data

2005-07-08 Thread Guy Fraser
On Sun, 2005-03-07 at 23:14 +0300, Andrus Moor wrote: > > Does the application really need superuser privileges or is that > > just a convenience? It's usually a good idea to follow the "Principle > > of Least Privilege" -- do some searches on that phrase to learn > > more about it and the rationa

Re: [GENERAL] Hot to restrict access to subset of data

2005-07-03 Thread Dawid Kuroczko
On 7/4/05, Gregory Youngblood <[EMAIL PROTECTED]> wrote: > I would strongly suggest that you create a database specific user, > one that has read/write access within this database, and that your > application use that user instead of the pg super user. > > In general, the "super user" should never

Re: [GENERAL] Hot to restrict access to subset of data

2005-07-03 Thread Gregory Youngblood
I would strongly suggest that you create a database specific user, one that has read/write access within this database, and that your application use that user instead of the pg super user. In general, the "super user" should never be used, except for specific administrative tasks. This hol

Re: [GENERAL] Hot to restrict access to subset of data

2005-07-03 Thread Andrus Moor
Greg, using views would be nice. I also have an add privilege which allows adding only new documents. I think that this requires writing triggers in Postgres. This seems to be a lot of work. I don't have enough knowledge to implement this in Postgres. So it seems more reasonable to run my ap

Re: [GENERAL] Hot to restrict access to subset of data

2005-07-03 Thread Andrus Moor
> Does the application really need superuser privileges or is that > just a convenience? It's usually a good idea to follow the "Principle > of Least Privilege" -- do some searches on that phrase to learn > more about it and the rationale for following it. > Whether this approach is "secure and b

Re: [GENERAL] Hot to restrict access to subset of data

2005-07-02 Thread Michael Fuhr
On Fri, Jul 01, 2005 at 09:43:34PM +0300, Andrus wrote: > > My application connects to Postgres always as superuser, using user name > postgres. > Postgres server has only one user. Does the application really need superuser privileges or is that just a convenience? It's usually a good idea to f

Re: [GENERAL] Hot to restrict access to subset of data

2005-07-02 Thread Andrus
"Michael Fuhr" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > On Fri, Jul 01, 2005 at 01:56:41PM +0300, Andrus wrote: >> >> I want to restrict access to this table based on the user name, document >> type and access level. I have 3 levels: no access, view only, modify >> access. >

Re: [GENERAL] Hot to restrict access to subset of data

2005-07-02 Thread Gregory Youngblood
I believe you can probably use views to accomplish this. You create a view that is populated based on their username. Then you remove access to the actual table, and grant access to the view. When people look at the table, they will only see the data in the view and will not have access to

Re: [GENERAL] Hot to restrict access to subset of data

2005-07-01 Thread Bruno Wolff III
On Fri, Jul 01, 2005 at 08:46:04 -0600, Michael Fuhr <[EMAIL PROTECTED]> wrote: > On Fri, Jul 01, 2005 at 01:56:41PM +0300, Andrus wrote: > > > 2. Postgres should allow access from my application only. Is it possible to > > use authentication method which allows access from my application only

Re: [GENERAL] Hot to restrict access to subset of data

2005-07-01 Thread Michael Fuhr
On Fri, Jul 01, 2005 at 01:56:41PM +0300, Andrus wrote: > > I want to restrict access to this table based on the user name, document > type and access level. I have 3 levels: no access, view only, modify access. > > Example: > > User A can only view documents of type X and modify documents of t