Обсуждение: about permissions
hi! First short explanation: I create application in php. In scripts I need sometimes check if user has permissions to for example update values in some table So question: How should looks my queryi like? I mean something like select pg_class.relacl where relname='cust' and pg_class.relacl[2]='my_user=arwR'; (this query doesn't work) and another difficult problem: I don't know what place in relacl array is occupied by permissions for my user and of course can't check for string 'myuser=arwR' cause permissions could be 'arw', 'ar', 'r'. Naturally I can solve this by taking whole array and processing data in php, but I could be really fine to solve this inside postgresTIARem -------------------------------------------------------------------*------------ Remigiusz Sokolowski e-mail: rems@gdansk.sprint.pl * * -----------------------------------------------------------------*****----------
Remigiusz Sokolowski wrote: > > hi! > First short explanation: > I create application in php. In scripts I need sometimes check if user has > permissions to for example update values in some table > > So question: > How should looks my queryi like? > > I mean something like > select pg_class.relacl where relname='cust' and > pg_class.relacl[2]='my_user=arwR'; (this query doesn't work) > > and another difficult problem: > I don't know what place in relacl array is occupied by permissions for my > user and of course can't check for string 'myuser=arwR' cause permissions > could be 'arw', 'ar', 'r'. > Naturally I can solve this by taking whole array and processing data in > php, but > I could be really fine to solve this inside postgres You can compile+install PL/Tcl in your database and use the function I've included at the end. It's usage is: -- -- PL/Tcl function to verify if a user has specific permissions -- on a relation. -- -- Usage: check_permission(relname,username,perms) -- -- perms is a string consisting of any combination of the -- characters a,r,w and R (R means RULE permission). -- -- Returns: true if user has ALL permissions -- false if at least one permission is missing -- -- Exceptions: generates an error if the relation or it's owner -- aren't found in the system catalogs -- The perms string can be given in any order, so 'awr' is equal to 'raw'. It follows the PostgreSQL semantics where superusers bypass all access restrictions, a user not explicitly listed in the acl has the rights of the public entry and if there is no acl at all, only the owner has full rights. It does NOT handle group permissions up to now. You didn't told that you need this functionality too. Hope that solves your problem. Jan -- #======================================================================# # It's easier to get forgiveness for being wrong than for being right. # # Let's break this rule - forgive me. # #======================================== jwieck@debis.com (Jan Wieck) #
I wrote: > You can compile+install PL/Tcl in your database and use the > function I've included at the end. It's usage is: But forgot to include it :-) Jan -- #======================================================================# # It's easier to get forgiveness for being wrong than for being right. # # Let's break this rule - forgive me. # #======================================== jwieck@debis.com (Jan Wieck) # begin 644 chkperm.sql M+2T*+2T@4$PO5&-L(&9U;F-T:6]N('1O('9E<FEF>2!I9B!A('5S97(@:&%S M('-P96-I9FEC('!E<FUI<W-I;VYS"BTM(&]N(&$@<F5L871I;VXN"BTM"BTM M(%5S86=E.B`@("`@(&-H96-K7W!E<FUI<W-I;VXH<F5L;F%M92QU<V5R;F%M M92QP97)M<RD*+2T@("`@("`@(`HM+2`@("`@("`@("`@("!P97)M<R!I<R!A M('-T<FEN9R!C;VYS:7-T:6YG(&]F(&%N>2!C;VUB:6YA=&EO;B!O9B!T:&4* M+2T@("`@("`@("`@("`@8VAA<F%C=&5R<R!A+'(L=R!A;F0@4B`H4B!M96%N M<R!254Q%('!E<FUI<W-I;VXI+@HM+0HM+2!2971U<FYS.B`@("!T<G5E(&EF M('5S97(@:&%S($%,3"!P97)M:7-S:6]N<PHM+2`@("`@("`@("`@("!F86QS M92!I9B!A="!L96%S="!O;F4@<&5R;6ES<VEO;B!I<R!M:7-S:6YG"BTM"BTM M($5X8V5P=&EO;G,Z(&=E;F5R871E<R!A;B!E<G)O<B!I9B!T:&4@<F5L871I M;VX@;W(@:70G<R!O=VYE<@HM+2`@("`@("`@("`@("!A<F5N)W0@9F]U;F0@ M:6X@=&AE('-Y<W1E;2!C871A;&]G<PHM+0I#4D5!5$4@1E5.0U1)3TX@8VAE M8VM?<&5R;6ES<VEO;B`H;F%M92P@;F%M92P@=&5X="D@4D5455).4R!B;V]L M($%3("<*"2,*"2,@3VX@9FER<W0@8V%L;"!C<F5A=&4@82!P<F5P87)E9"!P M;&%N(&9O<B!T:&4@;&]O:W5P"@DC"@EI9B![(5MI;F9O(&5X:7-T<R!'1%U] M('L*"0ES970@1T0H<&QA;BD@6W-P:5]P<F5P87)E"0D)"0D)"5Q<"@D)"2)3 M14Q%0U0@0RYR96QA8VP@05,@86-L+"!5+G5S96YA;64@05,@;W=N97(L"5Q< M"@D)"0E5+G5S97-U<&5R($%3('-U<&5R=7-E<@D)"0D)"5Q<"@D)"0E&4D]- M('!G7V-L87-S($,L('!G7W5S97(@50D)"0D)7%P*"0D)"5=(15)%($,N<F5L M;F%M92`](%Q<)#$)"0D)"0E<7`H)"0D)("!!3D0@0RYR96QO=VYE<B`](%4N M=7-E<WES:60B"0D)"5Q<"@D)"7MN86UE?5T*"7T*"@DC"@DC($=E="!R96QA M=&EO;B!O=VYE<BP@86-L(&QI<W0@86YD(&EF('5S97(@:7,@82!S=7!E<G5S M97(*"2,*"7-E="!N(%MS<&E?97AE8W`@+6-O=6YT(#$@)$=$*'!L86XI(%ML M:7-T("0Q75T*"6EF('LD;B`A/2`Q?2!["@D)96QO9R!%4E)/4B`B<F5L871I M;VX@)#$@;W(@=7-E<B`D,B!D;V5S(&YO="!E>&ES="(*"7T*"@DC"@DC(%-U M<&5R=7-E<G,@8GEP87-S(&%L;"!P97)M:7-S:6]N<PH)(PH):68@>UMS=')I M;F<@8V]M<&%R92`D<W5P97)U<V5R(")T(ET@/3T@,'T@>PH)"7)E='5R;B!T M"@E]"@H)(PH)(R!)9B!T:&5R92!I<R!N;R!A8VP@;&ES="!T:&4@;W=N97(@ M:&%S(&9U;&P@<FEG:'1S"@DC"@EI9B![(5MI;F9O(&5X:7-T<R!A8VQ=?2![ M"@D):68@>UMS=')I;F<@8V]M<&%R92`D;W=N97(@)#)=(#T](#!]('L*"0D) M<F5T=7)N('0*"0E](&5L<V4@>PH)"0ER971U<FX@9@H)"7T*"7T*"@DC"@DC M($EN('1H92!L;V]P(&)E;&]W+"!P=6)L:6,@:7,@=')E871E9"!A<R!E;7!T M>2!U<V5R(&YA;64*"2,@<V\@:70@=VEL;"!M871C:"!T:&4@(CTN+BXB(&5N M=')Y(&EN('1H92!A8VP@;&ES="X*"2,*"6EF('M;<W1R:6YG(&-O;7!A<F4@ M)#(@(G!U8FQI8R)=(#T](#!]('L*"0ES970@,B`B(@H)?0H*"2,*"2,@4F5M M;W9E('1H92!S=7)R;W5N9&EN9R!C=7)L>2!B<F%C97,@9G)O;2!T:&4@86-L M(&QI<W0*"2,*"7)E9W-U8B`B7EQ<>R(@)&%C;"`B(B!A8VP*"7)E9W-U8B`B M7%Q]7%PD(B`D86-L("(B(&%C;`H*"2,*"2,@17AT<F%C="!T:&4@86-L(&5N M=')Y('=E(&QO;VL@9F]R(&%N9"!R96UE;6)E<B!P=6)L:6,*"2,@<&5R;6ES M<VEO;G,@;VX@=&AE(&9L>0H)(PH)<V5T('!U8FQI8R`B(@H)<V5T('!E<FUS M("`B(@H)<V5T(&9O=6YD("`P"@EF;W)E86-H(&%C;&4@6W-P;&ET("1A8VP@ M+%T@>PH)"6EF('M;<F5G97AP(")<7"(H7%Q;7CU<7%TJ*3TH7%Q;7EQ<(EQ< M72HI7%PB(B`D86-L92![?2!U('!=?2!["@D)"6EF('M;<W1R:6YG(&-O;7!A M<F4@)'4@(B)=(#T](#!]('L*"0D)"7-E="!P=6)L:6,@)'`*"0D)?0H)"0EI M9B![6W-T<FEN9R!C;VUP87)E("1U("0R72`]/2`P?2!["@D)"0ES970@<&5R M;7,@)'`*"0D)"7-E="!F;W5N9"`Q"@D)"0EB<F5A:PH)"0E]"@D)?0H)?0H) M:68@>R$D9F]U;F1]('L*"0ES970@<&5R;7,@)'!U8FQI8PH)?0H*"2,*"2,@ M3F]W(&-H96-K('1H870@86QL('1H92!R97%U97-T960@;6]D97,@87)E('-E M=`H)(PH)9F]R96%C:"!C:&L@6W-P;&ET("0S("(B72!["@D):68@>UMS=')I M;F<@9FER<W0@)&-H:R`D<&5R;7-=(#P@,'T@>PH)"0ER971U<FX@9@H)"7T* M"7T*"@DC(`H)(R!!;&P@;6]D97,@<V5T("T@=7-E<B!H87,@=&AE(')E<75E M<W1E9"!P97)M:7-S:6]N<PH)(PH)<F5T=7)N('0*)R!,04Y'54%'12`G<&QT &8VPG.PH* ` end
> I wrote: > > > You can compile+install PL/Tcl in your database and use the > > function I've included at the end. It's usage is: > > But forgot to include it :-) > > > Jan > thanks - I'll try it. You mention about checking also group permissions - here question, cause I need it also. When postgres checks permissions of any user, I mean, it checks for example firstly if this user has permissions to table and after searches for groups in which this user is listed and checks permissions of this groups - are there any functions to do this? Sorry for querying You about simple things, but I really know very little about programmingRem -------------------------------------------------------------------*------------ Remigiusz Sokolowski e-mail: rems@gdansk.sprint.pl * * -----------------------------------------------------------------*****----------
> > You can compile+install PL/Tcl in your database and use the > function I've included at the end. It's usage is: > Could You point me where to find sources of PL/Tcl? I search for it, but without result (I need it for 6.3.2 ver) I don't look at distribution - is there those ?TIARem -------------------------------------------------------------------*------------ Remigiusz Sokolowski e-mail: rems@gdansk.sprint.pl * * -----------------------------------------------------------------*****----------