Participants
Alexander Cohen
Alexander Cohen
Joe Conway
Joe Conway
Joshua D. Drake
Joshua D. Drake
Karsten Hilbert
Karsten Hilbert
Bruno Wolff III
Bruno Wolff III
Tom Lane
Tom Lane
Attachments
Show all attachments
Thread Outline
#1Alexander CohenAlexander Cohen
Jul 01, 2004
#2Joe ConwayJoe Conwayto Alexander Cohen (#1)
Jul 01, 2004
#3Joshua D. DrakeJoshua D. Draketo Alexander Cohen (#1)
Jul 01, 2004
#4Karsten HilbertKarsten Hilbertto Alexander Cohen (#1)
Jul 01, 2004
#5...#6
Bruno Wolff IIITom Lane
to Alexander Cohen (#1)
Jul 01, 2004
#5Bruno Wolff IIIBruno Wolff IIIto Alexander Cohen (#1)
Jul 01, 2004
#6Tom LaneTom Laneto Bruno Wolff III (#5)
Jul 02, 2004

row level grants

Started by Alexander Cohenalmost 22 years ago6 messagesgeneral
Jump to latest
#1Alexander Cohen
Alexander Cohen
alex@toomuchspace.com

Is there any way to grant user access at the row level? Or maybe some
way to simulate it?

Alex

#2Joe Conway
Joe Conway
mail@joeconway.com
In reply to: Alexander Cohen (#1)
Re: row level grants

Alexander Cohen wrote:

Is there any way to grant user access at the row level? Or maybe some
way to simulate it?

There is no built-in way to do this, at least not currently.

I wrote an article that might get you going in the right direction,
available here:

http://www.onlamp.com/pub/a/onlamp/2004/06/28/postgresql_extensions.html

The functions I refer to in the article are custom C functions -- I'll
be posting the source code on my website (www.joeconway.com) sometime
after OSCON is over in a few weeks. In the meantime maybe you can use
the concepts as a starting point.

HTH,

Joe

#3Joshua D. Drake
Joshua D. Drake
jd@commandprompt.com
In reply to: Alexander Cohen (#1)
Re: row level grants

Alexander Cohen wrote:

Is there any way to grant user access at the row level? Or maybe some
way to simulate it?

If you can write a query to will return only the rows you want the user
to see, you can write a view that returns those rows and grant rights to
that view.

J

Alex

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster

-- 
Command Prompt, Inc., home of Mammoth PostgreSQL - S/ODBC and S/JDBC
Postgresql support, programming shared hosting and dedicated hosting.
+1-503-667-4564 - jd@commandprompt.com - http://www.commandprompt.com
Mammoth PostgreSQL Replicator. Integrated Replication for PostgreSQL
#4Karsten Hilbert
Karsten Hilbert
Karsten.Hilbert@gmx.net
In reply to: Alexander Cohen (#1)
Re: row level grants

Is there any way to grant user access at the row level? Or maybe some
way to simulate it?

Think about using views. Examples are in the list archive.

Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346

#5Bruno Wolff III
Bruno Wolff III
bruno@wolff.to
In reply to: Alexander Cohen (#1)
Re: row level grants

On Thu, Jul 01, 2004 at 17:09:23 -0400,
Alexander Cohen <alex@toomuchspace.com> wrote:

Is there any way to grant user access at the row level? Or maybe some
way to simulate it?

You can do this with views. You need something in each row that will
allow you to tell which users have access to a row and check that
against current_user in the view. If there is more than one user
per row, then you might need to join the table to another table
that maps users to groups.

#6Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Bruno Wolff III (#5)
Re: row level grants

Bruno Wolff III <bruno@wolff.to> writes:

Alexander Cohen <alex@toomuchspace.com> wrote:

Is there any way to grant user access at the row level? Or maybe some
way to simulate it?

You can do this with views. You need something in each row that will
allow you to tell which users have access to a row and check that
against current_user in the view.

There are working examples of this in the standard distribution.
Take a look at the pg_stats view and the information_schema views.

regards, tom lane

← Back to Topics