How do I go about ensuring that data is only added to a table through a
function? I've tried granting execute persission on the function which
inserts data, but can't get it to work unless the user also has insert
permission on the table. I don't want the user to be able to
arbitrarily insert data.
---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend 8 1599
On Mon, May 03, 2004 at 15:12:00 -0700,
Marvin McNett <mm*****@cs.ucsd.edu> wrote: How do I go about ensuring that data is only added to a table through a function? I've tried granting execute persission on the function which inserts data, but can't get it to work unless the user also has insert permission on the table. I don't want the user to be able to arbitrarily insert data.
You need to use SECURITY DEFINER so that the function runs with the
access of its definer instead of its invoker.
---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to ma*******@postgresql.org)
On Mon, May 03, 2004 at 15:12:00 -0700,
Marvin McNett <mm*****@cs.ucsd.edu> wrote: How do I go about ensuring that data is only added to a table through a function? I've tried granting execute persission on the function which inserts data, but can't get it to work unless the user also has insert permission on the table. I don't want the user to be able to arbitrarily insert data.
You need to use SECURITY DEFINER so that the function runs with the
access of its definer instead of its invoker.
---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to ma*******@postgresql.org)
On Mon, May 03, 2004 at 03:12:00PM -0700, Marvin McNett wrote: How do I go about ensuring that data is only added to a table through a function? I've tried granting execute persission on the function which inserts data, but can't get it to work unless the user also has insert permission on the table. I don't want the user to be able to arbitrarily insert data.
Was the function created with SECURITY DEFINER?
--
Alvaro Herrera (<alvherre[a]dcc.uchile.cl>)
"Porque francamente, si para saber manejarse a uno mismo hubiera que
rendir examen... ¿Quién es el machito que tendría carnet?" (Mafalda)
---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster
On Mon, May 03, 2004 at 03:12:00PM -0700, Marvin McNett wrote: How do I go about ensuring that data is only added to a table through a function? I've tried granting execute persission on the function which inserts data, but can't get it to work unless the user also has insert permission on the table. I don't want the user to be able to arbitrarily insert data.
Was the function created with SECURITY DEFINER?
--
Alvaro Herrera (<alvherre[a]dcc.uchile.cl>)
"Porque francamente, si para saber manejarse a uno mismo hubiera que
rendir examen... ¿Quién es el machito que tendría carnet?" (Mafalda)
---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster
Thanks Bruno,
This is exactly what I needed to know.
Cordially,
Marvin
Bruno Wolff III wrote: On Mon, May 03, 2004 at 15:12:00 -0700, Marvin McNett <mm*****@cs.ucsd.edu> wrote:
How do I go about ensuring that data is only added to a table through a function? I've tried granting execute persission on the function which inserts data, but can't get it to work unless the user also has insert permission on the table. I don't want the user to be able to arbitrarily insert data.
You need to use SECURITY DEFINER so that the function runs with the access of its definer instead of its invoker.
---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives? http://archives.postgresql.org
Thanks Bruno,
This is exactly what I needed to know.
Cordially,
Marvin
Bruno Wolff III wrote: On Mon, May 03, 2004 at 15:12:00 -0700, Marvin McNett <mm*****@cs.ucsd.edu> wrote:
How do I go about ensuring that data is only added to a table through a function? I've tried granting execute persission on the function which inserts data, but can't get it to work unless the user also has insert permission on the table. I don't want the user to be able to arbitrarily insert data.
You need to use SECURITY DEFINER so that the function runs with the access of its definer instead of its invoker.
---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives? http://archives.postgresql.org
On Mon, 3 May 2004, Marvin McNett wrote: How do I go about ensuring that data is only added to a table through a function? I've tried granting execute persission on the function which inserts data, but can't get it to work unless the user also has insert permission on the table. I don't want the user to be able to arbitrarily insert data.
Maybe something along these lines?
Have the function grant insert to the user prior to inserting & revoke it
afterwards. The user will have generic insert access while the function is
running, but if this is a problem, have the function lock the table
during the insert operation, then revoke the insert permision before
unlocking the table.
Brent Wood
---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings
On Mon, 3 May 2004, Marvin McNett wrote: How do I go about ensuring that data is only added to a table through a function? I've tried granting execute persission on the function which inserts data, but can't get it to work unless the user also has insert permission on the table. I don't want the user to be able to arbitrarily insert data.
Maybe something along these lines?
Have the function grant insert to the user prior to inserting & revoke it
afterwards. The user will have generic insert access while the function is
running, but if this is a problem, have the function lock the table
during the insert operation, then revoke the insert permision before
unlocking the table.
Brent Wood
---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: jason |
last post by:
How does one loop through the contents of a form complicated by dynamic
construction of checkboxes which are assigned a 'model' and 'listingID' to
the NAME field on the fly in this syntax:...
|
by: george |
last post by:
This is like the bug from hell. It is kind of hard to explain, so
please bear with me.
Background Info: SQL Server 7.0, on an NT box, Active Server pages
with Javascript, using ADO objects.
...
|
by: Johannes A. Brunner |
last post by:
Got a simple problem.
I code some site and because Im a freak I made my own session-handling.
When a user open up my site it will check if there is a ssid in the url
if not generate one. this will...
|
by: Philip Boonzaaier |
last post by:
I want to be able to generate SQL statements that will go through a list of
data, effectively row by row, enquire on the database if this exists in the
selected table- If it exists, then the colums...
|
by: ImraneA |
last post by:
Hi there
I had pleasure of upsizing Access v97 db to Access v2K/SQL 2K.
Wish to provide some knowledge gained back to community - hopefully
help others.
1.Question how do you test stored...
|
by: Andrew Clark |
last post by:
*** post for FREE via your newsreader at post.newsfeed.com ***
it's been a while since i have poseted to this newsgroup, but for a long
time i was not programming at all. but now that i am out of...
|
by: rn5a |
last post by:
During registration, users are supposed to enter the following
details: First Name, Last Name, EMail, UserName, Password, Confirm
Password, Address, City, State, Country, Zip & Phone Number. I am...
|
by: =?Utf-8?B?UmljaA==?= |
last post by:
On a form - I have a datagridview which is docked to the entire form. The
datagridview allows users to Delete and/or Add Rows. On the Form_Load event
I Fill the datagridview source table with a...
|
by: bonneylake |
last post by:
Hey Everyone,
Well recently i been inserting multiple fields for a section in my form called "serial". Well now i am trying to insert multiple fields for the not only the serial section but also...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
| |