[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Permissions on UU tables

To: uu@total-knowledge.com
Subject: Re: Permissions on UU tables
From: Alexey Parshin <alexeyp@gmail.com>
Date: Tue, 23 Mar 2010 09:23:00 +1100
Delivered-to: mailing list uu@total-knowledge.com
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=oqBXYspw//ZDh3DZpCVZKpFSs50UONRyqRC48ZkSIyk=; b=vmNE/ltKEnHchha+DU0QmHod0UozTWZ6bYCSwB+Ulerj5ABuBWjJ/6eIqU/fijlTsp OuM4sHO5A44y78l1/U8CpuS7LJD4v9Swo/QckRhoCmNQHCTk9vxaYyEx15Vsh79997vk //EGnHwZpI0DmfZxPvOO6+PGiLy4CZns7/QmQ=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=YAzR/jm9JWoAEENGA+CILNhmL+11kRYpJ1KKsE8b0VRlXwNbCnx0X/gW5pcUmz5knJ yIHEOTOeTwM+93cZB8rjONOUKMWSvrv4xnQ13lbrNcbYxVia74bXQ/DCvWI+Hzs3SDLS kGAhau+9Kr+8UL2i/1DVagBC6pLs62UXwHqgs=
In-reply-to: <4BA7D943.2040901@total-knowledge.com>
Mailing-list: contact uu-help@total-knowledge.com; run by ezmlm
References: <4BA79ED9.40005@total-knowledge.com> <a75bc3cf1003221330g487bba8cr63cb2343b4a08386@mail.gmail.com> <4BA7D943.2040901@total-knowledge.com>

Yeap. Usually that user is a DBA that created the database.

On 23 March 2010 07:55, Ilya A. Volynets-Evenbakh
<ilya@total-knowledge.com>wrote:

> Aha. So the key here is that DML permissions on tables should be granted
> to the user which owns procedures.
>
> On 03/22/10 22:30, Alexey Parshin wrote:
> > The idea is pretty simple. Most of the tables (if not all) are created
> with
> > no access for regular user. All the stored procedures are created as
> > SECURITY DEFINER. Such stored procedures have the access rights to the
> > database same as the procedure creator. Permissions are checked with the
> UU
> > function can_access() or has_access() - I don't remember the exact name.
> If
> > the access isn't granted, this function raises the exception. If the
> access
> > is granted, it does nothing. The can_access() function uses user data
> from
> > the temporary table, created during the execution of the login().
> >
> > On 23 March 2010 03:46, Ilya A. Volynets-Evenbakh
> > <ilya@total-knowledge.com>wrote:
> >
> >
> >> I just recreated my local database from scratch, using
> >> and am using non-superuser account to connect to it from UU.
> >>
> >> I am getting access denied errors from various functions on
> >> various tables.
> >>
> >> How is this supposed to be handled? I vaguely remember
> >> that all procedures should have access to relevant tables,
> >> but user himself should not. How does it work? Where is it
> >> set up?
> >>
> >> --
> >> Ilya A. Volynets-Evenbakh
> >> http://www.total-knowledge.com
> >>
> >>
> >>
> >
> >
>
>
> --
> Ilya A. Volynets-Evenbakh
> http://www.total-knowledge.com
>
>


-- 
Alexey Parshin,
http://www.sptk.net

Follow-Ups:
- Re: Permissions on UU tables
  - From: "Ilya A. Volynets-Evenbakh" <ilya@total-knowledge.com>

References:
- Permissions on UU tables
  - From: "Ilya A. Volynets-Evenbakh" <ilya@total-knowledge.com>
- Re: Permissions on UU tables
  - From: Alexey Parshin <alexeyp@gmail.com>
- Re: Permissions on UU tables
  - From: "Ilya A. Volynets-Evenbakh" <ilya@total-knowledge.com>

Prev by Date: Re: Permissions on UU tables
Next by Date: Re: Permissions on UU tables
Previous by thread: Re: Permissions on UU tables
Next by thread: Re: Permissions on UU tables
Index(es):
- Date
- Thread

UniverseUniversity

uu

Re: Permissions on UU tables