| Lists: | pgsql-general |
|---|
| From: | dipti shah <shahdipti1980(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Is it possible to findout actual owner of table? |
| Date: | 2010-03-09 06:21:05 |
| Message-ID: | d5b05a951003082221y6416af68r7c9c6132469d785c@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-general |
Hi,
I have created the stored procedure that allows particular users to create
the table. I want to prevent users to drop the tables owned by someone esle
and hence, I am making owner of each table created by this stored procedure
to super user(postgres) so that no one will be allowed to drop/alter table.
I want to allow to drop/alter the table by actuall user who ran the stored
procedure to create the table. Could anyone please suggest me how to proceed
with this?
Thanks,
Dipti
| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | dipti shah <shahdipti1980(at)gmail(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Is it possible to findout actual owner of table? |
| Date: | 2010-03-09 06:24:32 |
| Message-ID: | 3918.1268115872@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-general |
dipti shah <shahdipti1980(at)gmail(dot)com> writes:
> I have created the stored procedure that allows particular users to create
> the table. I want to prevent users to drop the tables owned by someone esle
> and hence, I am making owner of each table created by this stored procedure
> to super user(postgres) so that no one will be allowed to drop/alter table.
> I want to allow to drop/alter the table by actuall user who ran the stored
> procedure to create the table. Could anyone please suggest me how to proceed
> with this?
It sounds like you are going to a great deal of trouble to reinvent the
standard behavior. Why not forget the stored procedure and just let
users create and drop their own tables?
regards, tom lane
| From: | dipti shah <shahdipti1980(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Is it possible to findout actual owner of table? |
| Date: | 2010-03-09 06:29:36 |
| Message-ID: | d5b05a951003082229k5c8a8064gf6c38b70f4950109@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-general |
I don't want users to create/drop/alter anything directly. They have to use
stored procedure for everything. The stored procedure creates logging tables
and stores many other auditing information so it is madatory to prevent
users from running any direct commands.
Thanks,
Dipti
On Tue, Mar 9, 2010 at 11:54 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> dipti shah <shahdipti1980(at)gmail(dot)com> writes:
> > I have created the stored procedure that allows particular users to
> create
> > the table. I want to prevent users to drop the tables owned by someone
> esle
> > and hence, I am making owner of each table created by this stored
> procedure
> > to super user(postgres) so that no one will be allowed to drop/alter
> table.
> > I want to allow to drop/alter the table by actuall user who ran the
> stored
> > procedure to create the table. Could anyone please suggest me how to
> proceed
> > with this?
>
> It sounds like you are going to a great deal of trouble to reinvent the
> standard behavior. Why not forget the stored procedure and just let
> users create and drop their own tables?
>
> regards, tom lane
>
| From: | John R Pierce <pierce(at)hogranch(dot)com> |
|---|---|
| To: | dipti shah <shahdipti1980(at)gmail(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Is it possible to findout actual owner of table? |
| Date: | 2010-03-09 06:49:58 |
| Message-ID: | 4B95EF96.4070007@hogranch.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-general |
dipti shah wrote:
> I don't want users to create/drop/alter anything directly. They have
> to use stored procedure for everything. The stored procedure creates
> logging tables and stores many other auditing information so it is
> madatory to prevent users from running any direct commands.
>
may be you should use middleware instead and not let your users connect
directly to SQL at all.
so, any DDL changes, you'd call the middleware server, it would
authenticate the user, decide whats allowed, maintain your audit trail,
logging, etc. ditto, any operations that require database queries, etc,
would all be done by this middleware.
| From: | dipti shah <shahdipti1980(at)gmail(dot)com> |
|---|---|
| To: | John R Pierce <pierce(at)hogranch(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Is it possible to findout actual owner of table? |
| Date: | 2010-03-09 07:35:39 |
| Message-ID: | d5b05a951003082335s44945af5u34ebf948d5b89c84@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-general |
What is middleware?
Is it similar to stored procedure? That what I have been doing. I have
revoked all permissions from mydb schema from public and have SECURITY
DEFINER enable for stored procedure to allow creating/droping/altering
tables.
Thanks.
On Tue, Mar 9, 2010 at 12:19 PM, John R Pierce <pierce(at)hogranch(dot)com> wrote:
> dipti shah wrote:
>
>> I don't want users to create/drop/alter anything directly. They have to
>> use stored procedure for everything. The stored procedure creates logging
>> tables and stores many other auditing information so it is madatory to
>> prevent users from running any direct commands.
>>
>>
>
> may be you should use middleware instead and not let your users connect
> directly to SQL at all.
>
> so, any DDL changes, you'd call the middleware server, it would
> authenticate the user, decide whats allowed, maintain your audit trail,
> logging, etc. ditto, any operations that require database queries, etc,
> would all be done by this middleware.
>
>
>
>
>
| From: | John R Pierce <pierce(at)hogranch(dot)com> |
|---|---|
| To: | dipti shah <shahdipti1980(at)gmail(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Is it possible to findout actual owner of table? |
| Date: | 2010-03-09 07:43:14 |
| Message-ID: | 4B95FC12.1060408@hogranch.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-general |
dipti shah wrote:
> What is middleware?
An application server that does all the business logic. your user
software calls the application server to do things, and it in turn
accesses the database. User written software is not alloweed to
directly connecct to the databases at all. Classic example of a
middleware platform Apache Tomcat
| From: | dipti shah <shahdipti1980(at)gmail(dot)com> |
|---|---|
| To: | John R Pierce <pierce(at)hogranch(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Is it possible to findout actual owner of table? |
| Date: | 2010-03-09 08:21:38 |
| Message-ID: | d5b05a951003090021l523fb6e2n7993e66bd1d39846@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-general |
Hmm...that would be too much work I think. Ayway, could you point me some
useful link for postgresql middleware?
Thanks.
On Tue, Mar 9, 2010 at 1:13 PM, John R Pierce <pierce(at)hogranch(dot)com> wrote:
> dipti shah wrote:
>
>> What is middleware?
>>
>
> An application server that does all the business logic. your user software
> calls the application server to do things, and it in turn accesses the
> database. User written software is not alloweed to directly connecct to
> the databases at all. Classic example of a middleware platform Apache
> Tomcat
>
>
>