Re: [SQL] about permissions

From wieck@debis.com (Jan Wieck)
Subject Re: [SQL] about permissions
Date
Msg-id m10mdwl-000EBPC@orion.SAPserv.Hamburg.dsh.de
In reply to about permissions  (Remigiusz Sokolowski <rems@gdansk.sprint.pl>)
Responses Re: [SQL] about permissions  (wieck@debis.com (Jan Wieck))
Re: [SQL] about permissions  (Remigiusz Sokolowski <rems@gdansk.sprint.pl>)
List pgsql-sql
Remigiusz Sokolowski wrote:

>
> hi!
> First short explanation:
> I am creating an application in php. In scripts I sometimes need to check if a user has
> permission to, for example, update values in some table
>
> So question:
> How should my query look?
>
> I mean something like
> select pg_class.relacl where relname='cust' and
> pg_class.relacl[2]='my_user=arwR'; (this query doesn't work)
>
> and another difficult problem:
> I don't know which place in the relacl array is occupied by the permissions for my
> user and of course can't check for the string 'myuser=arwR' because permissions
> could be 'arw', 'ar', 'r'.
> Naturally I can solve this by taking the whole array and processing the data in
> php, but
> it would be really fine to solve this inside postgres

    You can compile+install PL/Tcl in your database and use the
    function I've included at the end. Its usage is:

    --
    -- PL/Tcl function to verify if a user has specific permissions
    -- on a relation.
    --
    -- Usage:      check_permission(relname,username,perms)
    --
    --             perms is a string consisting of any combination of the
    --             characters a,r,w and R (R means RULE permission).
    --
    -- Returns:    true if user has ALL permissions
    --             false if at least one permission is missing
    --
    -- Exceptions: generates an error if the relation or its owner
    --             aren't found in the system catalogs
    --

    The perms string can be given in any order, so 'awr' is equal
    to 'raw'. It follows the PostgreSQL semantics where
    superusers bypass all access restrictions, a user not
    explicitly listed in the acl has the rights of the public
    entry and if there is no acl at all, only the owner has full
    rights.

    It does NOT handle group permissions up to now. You didn't
    say that you need this functionality too.

    Hope that solves your problem.


Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#======================================== jwieck@debis.com (Jan Wieck) #
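
The rules described in the message above for check_permission (superuser bypass, fallback to the public entry, owner-only when there is no acl), written out as an added Python example; it is not the PL/Tcl function from the message. It assumes relacl items in the text form `user=perms` with the public entry written as `=perms`, that `group ...` entries are skipped, and that the owner is treated like any other user once an acl exists; the `owner` and `superusers` parameters are hypothetical stand-ins for catalog lookups.

```python
# Added example: models the ACL rules described in the message above.
VALID_PERMS = set("arwR")  # a, r, w and R (RULE), as listed in the message

# Constructed sample relacl contents (assumed text form "user=perms").
SAMPLE_ACL = ["=r", "my_user=arw", "guest=", "group staff=arwR"]


def parse_acl(items):
    """Return {username: set(perms)}; the key '' is the public entry."""
    acl = {}
    for item in items:
        name, sep, perms = item.partition("=")
        if not sep or set(perms) - VALID_PERMS:
            raise ValueError(f"malformed acl item: {item!r}")
        if name.startswith("group "):
            continue  # group permissions are not handled, as in the message
        acl[name] = set(perms)
    return acl


def check_permission(relacl, owner, username, perms, superusers=()):
    """True only if username holds ALL of perms on the relation."""
    wanted = set(perms)
    if wanted - VALID_PERMS:
        raise ValueError(f"unknown permission in {perms!r}")
    if username in superusers:
        return True  # superusers bypass all access restrictions
    if relacl is None:
        return username == owner  # no acl at all: only the owner has rights
    acl = parse_acl(relacl)
    # Assumption: with an acl present the owner is looked up like anyone else.
    # An explicit entry wins, even an empty one; otherwise use public.
    granted = acl[username] if username in acl else acl.get("", set())
    return wanted <= granted


if __name__ == "__main__":
    for user, perms in [("my_user", "wa"), ("my_user", "arwR"),
                        ("other", "r"), ("guest", "r")]:
        print(user, perms, check_permission(SAMPLE_ACL, "owner1", user, perms))
```

The `guest=` entry shows why the lookup order matters: a user listed with no rights does not fall back to the public entry.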
