Thread: Permissions and PGSQL

Permissions and PGSQL

From
"Jean-Eric Cuendet"
Date:
Hi,
I use PgSql for a lot of our company's needs and I lack some features.
I would like to know if there are plans to implement:
- User permissions based on columns? (Ex: User1 has Select on Column "CompanyName"
but User2 has update on column "CompanyName" while User3 has create new row
on table).
- Permissions on create table. This is the most lacking permission problem
actually, since everyone that can log in PgSql can create tables...

Thanks for sharing ideas and ongoing work.
-jec



Re: Permissions and PGSQL

From
Christopher Kings-Lynne
Date:
> I use PgSql for a lot of our company's needs and I lack some features.
> I would like to know if there are plans to implement:
> - User permissions based on columns? (Ex: User1 has Select on Column "CompanyName"
> but User2 has update on column "CompanyName" while User3 has create new row
> on table).

These do not exist yet in pgsql.

> - Permissions on create table. This is the most lacking permission problem
> actually, since everyone that can log in PgSql can create tables...

This does exist.  The CREATE permission on schemas is what you want. 
Perhaps the CREATE permission on databases as well.  You need to revoke 
these from the public schema.  Or even just drop the public schema.

Chris
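
The lockdown described in the reply above, as an added example that is not part of the original message. It uses current PostgreSQL syntax; the database `appdb` and the roles `app_owner` and `app_user` are hypothetical names.

```sql
-- Added example; appdb, app_owner and app_user are hypothetical names.
CREATE ROLE app_owner NOLOGIN;   -- the only role meant to create tables
CREATE ROLE app_user  LOGIN;     -- an ordinary account that can log in

-- Starting state: does app_user hold CREATE on schema public,
-- directly or through the PUBLIC pseudo-role?
SELECT has_schema_privilege('app_user', 'public', 'CREATE') AS can_create_before;

-- Remove the blanket grants, then give CREATE only to the owning role.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
REVOKE CREATE ON DATABASE appdb FROM PUBLIC;
GRANT  CREATE ON SCHEMA public TO app_owner;

-- Re-check both roles after the change.
SELECT has_schema_privilege('app_user',  'public', 'CREATE') AS user_can_create,
       has_schema_privilege('app_owner', 'public', 'CREATE') AS owner_can_create;

-- Audit: every schema in this database where app_user can still create objects.
SELECT nspname
FROM pg_namespace
WHERE has_schema_privilege('app_user', oid, 'CREATE');
```

The audit query is worth rerunning after any new schema is added, since each schema carries its own CREATE privilege.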


Re: Permissions and PGSQL

From
Bruno Wolff III
Date:
On Tue, Dec 16, 2003 at 13:41:32 +0500, Jean-Eric Cuendet <jean-eric.cuendet@bluewin.ch> wrote:
> Hi,
> I use PgSql for a lot of our company's needs and I lack some features.
> I would like to know if there are plans to implement:
> - User permissions based on columns? (Ex: User1 has Select on Column "CompanyName"
> but User2 has update on column "CompanyName" while User3 has create new row
> on table).

As the previous responder said, there is no standard column security.
However it should be possible to do something custom to do this
using rules and/or triggers.


Re: Permissions and PGSQL

From
Peter Eisentraut
Date:
Jean-Eric Cuendet wrote:
> - User permissions based on columns? (Ex: User1 has Select on Column
> "CompanyName" but User2 has update on column "CompanyName" while User3
> has create new row on table).

Well, I have about half a patch for column privileges lying around, but 
I've never had enough motivation to do the other, more complicated 
half...



Re: Permissions and PGSQL

From
Robert Treat
Date:
On Monday 05 January 2004 12:51, Peter Eisentraut wrote:
> Jean-Eric Cuendet wrote:
> > - User permissions based on columns? (Ex: User1 has Select on Column
> > "CompanyName" but User2 has update on column "CompanyName" while User3
> > has create new row on table).
>
> Well, I have about half a patch for column privileges lying around, but
> I've never had enough motivation to do the other, more complicated
> half...
>

Is there a TODO and TODO.detail warranted here?

Robert Treat
-- 
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL


Re: Permissions and PGSQL

From
Bruce Momjian
Date:
Robert Treat wrote:
> On Monday 05 January 2004 12:51, Peter Eisentraut wrote:
> > Jean-Eric Cuendet wrote:
> > > - User permissions based on columns? (Ex: User1 has Select on Column
> > > "CompanyName" but User2 has update on column "CompanyName" while User3
> > > has create new row on table).
> >
> > Well, I have about half a patch for column privileges lying around, but
> > I've never had enough motivation to do the other, more complicated
> > half...
> >
> 
> Is there a TODO and TODO.detail warranted here?

I thought views took care of this.  Comments?

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
 


Re: Permissions and PGSQL

From
Christopher Kings-Lynne
Date:
>>>Well, I have about half a patch for column privileges lying around, but
>>>I've never had enough motivation to do the other, more complicated
>>>half...
>>>
>>
>>Is there a TODO and TODO.detail warranted here?
> 
> 
> I thought views took care of this.  Comments?

They're needed for SQL99 anyway I think.

Chris



Re: Permissions and PGSQL

From
Tom Lane
Date:
Bruce Momjian <pgman@candle.pha.pa.us> writes:
> On Monday 05 January 2004 12:51, Peter Eisentraut wrote:
>> Jean-Eric Cuendet wrote:
>>> - User permissions based on columns?
> 
>> Well, I have about half a patch for column privileges lying around, but
>> I've never had enough motivation to do the other, more complicated
>> half...

> I thought views took care of this.  Comments?

You can do it with views, but it's tedious, and more to the point the
SQL standard says that you're supposed to be able to do it directly.
So I think this should be on TODO.  I wouldn't put a real high priority
on it personally, but it's a spec-compliance item ...
        regards, tom lane
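
The view-and-rule workaround mentioned in this reply and in Bruno Wolff's earlier one, applied to the three users from the original question, as an added example that is not part of any message in the thread. The table, views, rule and roles are hypothetical names.

```sql
-- Added example; the table, views, rule and roles user1..user3 are hypothetical.
CREATE ROLE user1 LOGIN;
CREATE ROLE user2 LOGIN;
CREATE ROLE user3 LOGIN;

CREATE TABLE company (
    id           serial PRIMARY KEY,
    companyname  text NOT NULL,
    credit_limit numeric            -- a column none of the three roles may read
);
REVOKE ALL ON company FROM PUBLIC;  -- no direct access to the base table

-- user1: SELECT on companyname only, through a view owned by the table owner.
CREATE VIEW company_names AS
    SELECT id, companyname FROM company;
GRANT SELECT ON company_names TO user1;

-- user2: UPDATE on companyname only. The INSTEAD rule copies just that
-- column to the base table, so an attempted change to id is ignored.
CREATE VIEW company_names_rw AS
    SELECT id, companyname FROM company;
CREATE RULE company_names_rw_upd AS
    ON UPDATE TO company_names_rw DO INSTEAD
    UPDATE company SET companyname = NEW.companyname WHERE id = OLD.id;
GRANT SELECT, UPDATE ON company_names_rw TO user2;

-- user3: may add rows, which also needs the sequence behind the serial column.
GRANT INSERT ON company TO user3;
GRANT USAGE ON SEQUENCE company_id_seq TO user3;

-- Compare what each role holds on the base table and on its view.
SELECT has_table_privilege('user1', 'company',          'SELECT') AS u1_base,
       has_table_privilege('user1', 'company_names',    'SELECT') AS u1_view,
       has_table_privilege('user2', 'company',          'UPDATE') AS u2_base,
       has_table_privilege('user2', 'company_names_rw', 'UPDATE') AS u2_view;
```

PostgreSQL 8.4 and later accept a column list in `GRANT`, for example `GRANT SELECT (companyname) ON company TO user1`, which replaces this workaround.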


Re: Permissions and PGSQL

From
Bruce Momjian
Date:
Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > On Monday 05 January 2004 12:51, Peter Eisentraut wrote:
> >> Jean-Eric Cuendet wrote:
> >>> - User permissions based on columns?
> > 
> >> Well, I have about half a patch for column privileges lying around, but
> >> I've never had enough motivation to do the other, more complicated
> >> half...
> 
> > I thought views took care of this.  Comments?
> 
> You can do it with views, but it's tedious, and more to the point the
> SQL standard says that you're supposed to be able to do it directly.
> So I think this should be on TODO.  I wouldn't put a real high priority
> on it personally, but it's a spec-compliance item ...

Added to TODO:
* Allow column-level privileges

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073