From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Michael Trausch <michael(dot)trausch(at)comcast(dot)nope(dot)net> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Database security granularity |
Date: | 2006-04-03 00:27:24 |
Message-ID: | 26228.1144024044@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Michael Trausch <michael(dot)trausch(at)comcast(dot)nope(dot)net> writes:
> I'd like to know if I can constrict database and data access
> on a row-level with PgSQL by using some sort of trickery in the database
> configuration itself.
You could do this with views, on the order of
create view secure_view as
select * from base_table where access_allowed(current_user, ...);
where you need to write an access_allowed function that implements your
security policy (probably based on fields in the base table that are not
reflected in the view, so it's not really gonna be "select *"). Then
you grant access to the view but not the base table to the users.
Also, take a look at
http://pgfoundry.org/projects/veil/
and search the archives for past discussions of row-level security.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2006-04-03 01:13:46 | Re: 8.1.3, libpq, PQprepare, plpgsql function, and partitioned tables |
Previous Message | sconeek | 2006-04-03 00:21:03 | Re: Cant find temp tables |