Home Projects Jobs Clientele Contact


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Permissions on UU tables

Aha. So the key here is that DML permissions on tables should be granted
to the user which owns procedures.

On 03/22/10 22:30, Alexey Parshin wrote:
> The idea is pretty simple. Most of the tables (if not all) are created with
> no access for regular user. All the stored procedures are created as
> SECURITY DEFINER. Such stored procedures have the access rights to the
> database same as the procedure creator. Permissions are checked with the UU
> function can_access() or has_access() - I don't remember the exact name. If
> the access isn't granted, this function raises the exception. If the access
> is granted, it does nothing. The can_access() function uses user data from
> the temporary table, created during the execution of the login().
> On 23 March 2010 03:46, Ilya A. Volynets-Evenbakh
> <ilya@total-knowledge.com>wrote:
>> I just recreated my local database from scratch, using
>> and am using non-superuser account to connect to it from UU.
>> I am getting access denied errors from various functions on
>> various tables.
>> How is this supposed to be handled? I vaguely remember
>> that all procedures should have access to relevant tables,
>> but user himself should not. How does it work? Where is it
>> set up?
>> --
>> Ilya A. Volynets-Evenbakh
>> http://www.total-knowledge.com

Ilya A. Volynets-Evenbakh

Authoright © Total Knowledge: 2001-2008