Re: Permissions on UU tables

["Ilya A. Volynets-Evenbakh" <ilya@total-knowledge.com>]

Aha. So the key here is that DML permissions on tables should be granted
to the user which owns procedures.

On 03/22/10 22:30, Alexey Parshin wrote:
> The idea is pretty simple. Most of the tables (if not all) are created with
> no access for regular user. All the stored procedures are created as
> SECURITY DEFINER. Such stored procedures have the access rights to the
> database same as the procedure creator. Permissions are checked with the UU
> function can_access() or has_access() - I don't remember the exact name. If
> the access isn't granted, this function raises the exception. If the access
> is granted, it does nothing. The can_access() function uses user data from
> the temporary table, created during the execution of the login().
>
> On 23 March 2010 03:46, Ilya A. Volynets-Evenbakh
> <ilya@total-knowledge.com>wrote:
>
>   
>> I just recreated my local database from scratch, using
>> and am using non-superuser account to connect to it from UU.
>>
>> I am getting access denied errors from various functions on
>> various tables.
>>
>> How is this supposed to be handled? I vaguely remember
>> that all procedures should have access to relevant tables,
>> but user himself should not. How does it work? Where is it
>> set up?
>>
>> --
>> Ilya A. Volynets-Evenbakh
>> http://www.total-knowledge.com
>>
>>
>>     
>
>   


-- 
Ilya A. Volynets-Evenbakh
http://www.total-knowledge.com