Create PostgreSQL 9 role with login (user) just to execute functions

日久生厌 2021-02-10 01:55

I have been looking for this for years and I have tried everything on the web with no success.

I am able to do it in MSSQL, but I didn't find a way to do it in PostgreSQL

1 answer
  • 2021-02-10 02:38

    Execute this connected to the database you want to configure.

    -- Create the user.
    CREATE ROLE somebody WITH LOGIN PASSWORD '...';
    
    -- Prevent all authenticated users from being able to use the database,
    -- unless they have been explicitly granted permission.
    REVOKE ALL PRIVILEGES ON DATABASE foo FROM PUBLIC;
    REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM PUBLIC;
    REVOKE ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public FROM PUBLIC;
    REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public FROM PUBLIC;
    
    -- Allow the user to only use the specified functions.
    GRANT CONNECT ON DATABASE foo TO somebody;
    GRANT EXECUTE ON FUNCTION return_customers(), return_time() TO somebody;
    

    If you have more schemas than "public" then you will need to add those to the two REVOKE ALL PRIVILEGES ON ALL ... statements.

    Do not forget that the functions must have been created with SECURITY DEFINER or this user will still be unable to execute them, as the contents of the function will be executed with the permissions of this user, instead of the user who created the function.

    See:

    • CREATE FUNCTION, particularly SECURITY DEFINER
    • GRANT, both for adding users to roles and for assigning access rights to tables, sequences, etc.
    • REVOKE
    • CREATE ROLE
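Added example, not part of the original answer: one way to create a function that fits the answer's setup and then check what the role ends up holding. It assumes the answer's statements have already been run in database foo (so the role somebody exists); the customers table and the body of return_customers() are hypothetical.

```sql
-- Run as the role that owns the data, connected to database foo.
-- The customers table and the function body are assumptions for this example.
BEGIN;

CREATE TABLE customers (id serial PRIMARY KEY, name text NOT NULL);
INSERT INTO customers (name) VALUES ('constructed row');

-- Functions created later receive EXECUTE for PUBLIC by default, which
-- would undo the answer's REVOKE for every new function. Change the
-- default for functions this role creates. It has to be the global form:
-- a per-schema default cannot take away a privilege granted globally.
ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;

-- Stop other roles from creating objects in the schema that the
-- function's search_path trusts.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- SECURITY DEFINER: the body runs with the owner's rights, so the caller
-- needs no privilege on customers. The search_path is pinned so the
-- caller's session setting cannot redirect unqualified names; pg_temp is
-- listed last so temporary objects are never searched first.
CREATE FUNCTION return_customers()
RETURNS SETOF customers
LANGUAGE sql
STABLE
SECURITY DEFINER
SET search_path = public, pg_temp
AS $$ SELECT * FROM customers ORDER BY id $$;

GRANT EXECUTE ON FUNCTION return_customers() TO somebody;

COMMIT;

-- Report the privileges the login role actually holds after the setup.
SELECT has_database_privilege('somebody', 'foo', 'CONNECT')                 AS can_connect,
       has_function_privilege('somebody', 'return_customers()', 'EXECUTE')  AS can_execute,
       has_table_privilege('somebody', 'customers', 'SELECT')               AS can_select_table,
       has_schema_privilege('somebody', 'public', 'CREATE')                 AS can_create_in_public;

-- List SECURITY DEFINER functions in public that have no pinned
-- search_path (proconfig is NULL when no SET clause was given).
SELECT p.oid::regprocedure AS function_signature
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname = 'public' AND p.prosecdef AND p.proconfig IS NULL;
```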