Re: [GENERAL] create a limited user in Postgre

Tue, 22 Jan 2008 00:04:46 -0800

That's because the definitions of the functions are not stored in the schema.
functions are stored in the pg_catalog schema in the pg_proc table and views are accessible via the multiple pg_get_viewdef functions in the same schema. 


If you block access to that table and fucntion then pgadmin would not be 
able to show the function or view definition.




However, as long as the user has access to a backup, they have access to 
all the definitions, no matter what you do.



Sim



-------- Original Message  --------
Subject: [GENERAL] create a limited user in Postgre
From: Willy-Bas Loos <[EMAIL PROTECTED]>
To: Sim Zacks <[EMAIL PROTECTED]>
Date: Tuesday, January 22, 2008 09:53:13 AM


>and another that only could make queries and could not see nor
>modify the functions.

Up until 8.1 it is possible to see all the functions (plpgsql code) in 
pgAdmin, even if you don't have access rights to the schema.

I'm not sure how this is in 8.2 or 8.3?

WBL


On Jan 22, 2008 7:02 AM, Sim Zacks <[EMAIL PROTECTED] 
<mailto:[EMAIL PROTECTED]>> wrote:


    That's not very open-source of you. LOL.

    Aside from database permission issues, which are not a problem,
    you would also
    have to not give them superuser access to their own database
    server (something
    that a lot of companies will not be happy with). Especially if
    they want to the
    possibility of other databases on the server. You would also have
    to prevent
    them from holding onto the backups, something that most companies
    would not
    tolerate at all.

    sim



    Guillermo Arias wrote:
    > Hi, i have a question:
    >
    > I have a database and i want to create a administrator user with
    total
    > control and another that only could make queries and could not
    see nor
    > modify the functions.
    >
    > The reason is that in the database that i will distribute are the
    > functions with a big part of the software logics and i do not want
    > these to be seen by my customers.
    >
    > Thanks in advance, Guillermo

    ---------------------------(end of
    broadcast)---------------------------
    TIP 1: if posting/reading through Usenet, please send an appropriate
          subscribe-nomail command to [EMAIL PROTECTED]
    <mailto:[EMAIL PROTECTED]> so that your
          message can get through to the mailing list cleanly
























					Reply via email to