Thread: Re: create a limited user in Postgre

That's not very open-source of you. LOL.

Aside from database permission issues, which are not a problem, you would also
have to not give them superuser access to their own database server (something
that a lot of companies will not be happy with). Especially if they want to the
possibility of other databases on the server. You would also have to prevent
them from holding onto the backups, something that most companies would not
tolerate at all.

sim



Guillermo Arias wrote:
> Hi, i have a question:
>
> I have a database and i want to create a administrator user with total
> control and another that only could make queries and could not see nor
> modify the functions.
>
> The reason is that in the database that i will distribute are the
> functions with a big part of the software logics and i do not want
> these to be seen by my customers.
>
> Thanks in advance, Guillermo

That's because the definitions of the functions are not stored in the schema.

functions are stored in the pg_catalog schema in the pg_proc table and views are accessible via the multiple pg_get_viewdef functions in the same schema.

If you block access to that table and fucntion then pgadmin would not be able to show the function or view definition.

However, as long as the user has access to a backup, they have access to all the definitions, no matter what you do.

Sim

-------- Original Message  --------
Subject: [GENERAL] create a limited user in Postgre
From: Willy-Bas Loos <willybas@gmail.com>
To: Sim Zacks <sim@compulab.co.il>
Date: Tuesday, January 22, 2008 09:53:13 AM

>and another that only could make queries and could not see nor
>modify the functions.
Up until 8.1 it is possible to see all the functions (plpgsql code) in pgAdmin, even if you don't have access rights to the schema.
I'm not sure how this is in 8.2 or 8.3?

WBL

On Jan 22, 2008 7:02 AM, Sim Zacks <sim@compulab.co.il> wrote:

That's not very open-source of you. LOL.

Aside from database permission issues, which are not a problem, you would also
have to not give them superuser access to their own database server (something
that a lot of companies will not be happy with). Especially if they want to the
possibility of other databases on the server. You would also have to prevent
them from holding onto the backups, something that most companies would not
tolerate at all.

sim



Guillermo Arias wrote:
> Hi, i have a question:
>
> I have a database and i want to create a administrator user with total
> control and another that only could make queries and could not see nor
> modify the functions.
>
> The reason is that in the database that i will distribute are the
> functions with a big part of the software logics and i do not want
> these to be seen by my customers.
>
> Thanks in advance, Guillermo

---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
      subscribe-nomail command to majordomo@postgresql.org so that your
      message can get through to the mailing list cleanly

>and another that only could make queries and could not see nor
>modify the functions.
Up until 8.1 it is possible to see all the functions (plpgsql code) in pgAdmin, even if you don't have access rights to the schema.
I'm not sure how this is in 8.2 or 8.3?

WBL