| Lists: | pgsql-hackers |
|---|
| From: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Can I check if somebody is superuser in stored procedure? |
| Date: | 2011-03-27 13:21:18 |
| Message-ID: | AANLkTimgXQUjkjayhxTXCXhjo6COoS3M1a85RX=jP0Zr@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
Hello
Is there some simple possibility to check a rights from stored procedure?
Regards
Pavel Stehule
| From: | David Fetter <david(at)fetter(dot)org> |
|---|---|
| To: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Can I check if somebody is superuser in stored procedure? |
| Date: | 2011-03-27 22:05:59 |
| Message-ID: | 20110327220559.GF20196@fetter.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
On Sun, Mar 27, 2011 at 03:21:18PM +0200, Pavel Stehule wrote:
> Hello
>
> Is there some simple possibility to check a rights from stored procedure?
Well, there's the catalog lookup method:
SELECT EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname=$1 AND rolsuper)
Is that what you had in mind?
Cheers,
David.
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david(dot)fetter(at)gmail(dot)com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics
Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
| From: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
|---|---|
| To: | David Fetter <david(at)fetter(dot)org> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Can I check if somebody is superuser in stored procedure? |
| Date: | 2011-03-28 06:29:28 |
| Message-ID: | AANLkTi=X297bB2GwaW4hPREd3+DZsfXSxxjjyrTYW3Sm@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
Hello
2011/3/28 David Fetter <david(at)fetter(dot)org>:
> On Sun, Mar 27, 2011 at 03:21:18PM +0200, Pavel Stehule wrote:
>> Hello
>>
>> Is there some simple possibility to check a rights from stored procedure?
>
> Well, there's the catalog lookup method:
>
> SELECT EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname=$1 AND rolsuper)
>
> Is that what you had in mind?
I found this too, but it isn't what I searched - I searched a some
exported function based on internal cache.
For my purpose is this solution enough.
Regards
Pavel
>
> Cheers,
> David.
> --
> David Fetter <david(at)fetter(dot)org> http://fetter.org/
> Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
> Skype: davidfetter XMPP: david(dot)fetter(at)gmail(dot)com
> iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics
>
> Remember to vote!
> Consider donating to Postgres: http://www.postgresql.org/about/donate
>
| From: | Jim Nasby <jim(at)nasby(dot)net> |
|---|---|
| To: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
| Cc: | David Fetter <david(at)fetter(dot)org>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Can I check if somebody is superuser in stored procedure? |
| Date: | 2011-04-06 14:51:22 |
| Message-ID: | 0C066B83-8A3A-4E44-AC08-6DD9E74FE72F@nasby.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
On Mar 28, 2011, at 1:29 AM, Pavel Stehule wrote:
>>> Is there some simple possibility to check a rights from stored procedure?
>>
>> Well, there's the catalog lookup method:
>>
>> SELECT EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname=$1 AND rolsuper)
>>
>> Is that what you had in mind?
>
> I found this too, but it isn't what I searched - I searched a some
> exported function based on internal cache.
>
> For my purpose is this solution enough.
Note that doesn't work if the user has superuser because it was granted via another role.
--
Jim C. Nasby, Database Architect jim(at)nasby(dot)net
512.569.9461 (cell) http://jim.nasby.net
| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Jim Nasby <jim(at)nasby(dot)net> |
| Cc: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>, David Fetter <david(at)fetter(dot)org>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Can I check if somebody is superuser in stored procedure? |
| Date: | 2011-04-06 19:13:08 |
| Message-ID: | 1302117188.14384.4.camel@vanquo.pezone.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
On ons, 2011-04-06 at 09:51 -0500, Jim Nasby wrote:
> Note that doesn't work if the user has superuser because it was granted via another role.
You can only be a superuser if your own superuser bit is set. It cannot
be granted via some other role. (Not sure whether that's a feature.)