New Developer's FAQ item
I have added this to the developer's FAQ. Any comments or corrections?
--
Bruce Momjian | 830 Blythe Avenue
maillist@candle.pha.pa.us | Drexel Hill, Pennsylvania 19026
+ If your life is a hard drive, | (610) 353-9879(w)
+ Christ can be your backup. | (610) 853-3000(h)Attachments:
I have added this to the developer's FAQ. Any comments or corrections?
9) How do I efficiently access information in tables from the backend code?
Is all this relevant for writing triggers that have to access tables
in order to verify/modify a given tuple? Is that even possible? Are
there any examples?
Cheers,
Brook
I have added this to the developer's FAQ. Any comments or corrections?
9) How do I efficiently access information in tables from the backend code?
Is all this relevant for writing triggers that have to access tables
in order to verify/modify a given tuple? Is that even possible? Are
there any examples?
Yes, I think so. You can check out contrib/spi.
--
Bruce Momjian | 830 Blythe Avenue
maillist@candle.pha.pa.us | Drexel Hill, Pennsylvania 19026
+ If your life is a hard drive, | (610) 353-9879(w)
+ Christ can be your backup. | (610) 853-3000(h)
I have added this to the developer's FAQ. Any comments or corrections?
9) How do I efficiently access information in tables from the backend code?
Is all this relevant for writing triggers that have to access tables
in order to verify/modify a given tuple? Is that even possible? Are
there any examples?Cheers,
Brook
But keep in mind that the syscache and heap access goes
in without ACL checks!
Jan
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#======================================== jwieck@debis.com (Jan Wieck) #
Is all this relevant for writing triggers that have to access tables
in order to verify/modify a given tuple? Is that even possible? Are
there any examples?
But keep in mind that the syscache and heap access goes
in without ACL checks!
I don't quite know what you mean here. What are ACL checks? Sorry
for the naive question.
Cheers,
Brook
Is all this relevant for writing triggers that have to access tables
in order to verify/modify a given tuple? Is that even possible? Are
there any examples?But keep in mind that the syscache and heap access goes
in without ACL checks!I don't quite know what you mean here. What are ACL checks? Sorry
for the naive question.Cheers,
Brook
On any table, the owner or a superuser can GRANT or REVOKE
access to or from other users. Thus, you might have granted
another user permissions to read some of your tables, but not
other ones. The permissions you've setup are held in the
relacl column in pg_class.
But these permissions are checked only if a regular query is
processed by the executor (or after my new changes during
query rewrite). When accessing information through the
syscache or heap access methods, the ACL's (access control
lists) aren't checked.
If you write a function, that reads tables and returns
information from them, any user can use these functions to
see the data they return. Even if you explicitly revoked the
user from reading these tables. If the function uses SPI to
access the tables, the ACL checks get performed and the user
cannot use them to look at your data.
Jan
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#======================================== jwieck@debis.com (Jan Wieck) #