Обсуждение: Hide some tables
Hi, There are some operators who enters data in my database with just one table. Others tables are updated by triggers, these tables contains result of calculation. How to do to hide these tables because I do not want that operators read them ? On help documentation it is said that I can not block SELECT privilege because it is required for UPDATE. Thanks
There are some operators who enters data in my database with just one
table. Others tables are updated by triggers, these tables contains
result of calculation. How to do to hide these tables because I do not
want that operators read them ? On help documentation it is said that I
can not block SELECT privilege because it is required for UPDATE.
Can you move them to a different schema, and manage using search_path?
Regards,Jayadevan
Jayadevan M <maymala.jayadevan@gmail.com> writes:
> There are some operators who enters data in my database with just one
>> table. Others tables are updated by triggers, these tables contains
>> result of calculation. How to do to hide these tables because I do not
>> want that operators read them ? On help documentation it is said that I
>> can not block SELECT privilege because it is required for UPDATE.
>>
> Can you move them to a different schema, and manage using search_path?
The thing to use is privileges. Make the tables-that-should-be-hidden
owned by a different SQL role, and don't give select privilege on them
to the data entry role. The triggers can be (or call) SECURITY DEFINER
functions owned by the first role, giving them access that the data entry
role does not have.
regards, tom lane
Le 09/08/2021 à 13:45, Tom Lane a écrit : > Jayadevan M <maymala.jayadevan@gmail.com> writes: >> There are some operators who enters data in my database with just one >>> table. Others tables are updated by triggers, these tables contains >>> result of calculation. How to do to hide these tables because I do not >>> want that operators read them ? On help documentation it is said that I >>> can not block SELECT privilege because it is required for UPDATE. >>> >> Can you move them to a different schema, and manage using search_path? > The thing to use is privileges. Make the tables-that-should-be-hidden > owned by a different SQL role, and don't give select privilege on them > to the data entry role. The triggers can be (or call) SECURITY DEFINER > functions owned by the first role, giving them access that the data entry > role does not have. > > regards, tom lane It works. Thank you