schema_0_9_10_grants
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | Last revisionBoth sides next revision | ||
schema_0_9_10_grants [2008/11/08 17:23] – daniel | schema_0_9_10_grants [2008/11/08 17:55] – daniel | ||
---|---|---|---|
Line 9: | Line 9: | ||
* Users are assigned to groups with //GRANT role TO user// commands. | * Users are assigned to groups with //GRANT role TO user// commands. | ||
+ | ==== Script for tables and sequences ==== | ||
Here is a skeleton of an SQL script that grants all rights to the '' | Here is a skeleton of an SQL script that grants all rights to the '' | ||
<code sql> | <code sql> | ||
Line 50: | Line 51: | ||
</ | </ | ||
+ | |||
+ | ==== Functions ==== | ||
+ | Special care must be taken with functions since the execute privilege is granted to PUBLIC (every user) by default. In order to restrict the rights to use functions, the administrator should first revoke that privilege: | ||
+ | <code sql> | ||
+ | REVOKE EXECUTE ON FUNCTION | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | FROM public; | ||
+ | </ | ||
+ | |||
+ | It is especially interesting to remove the right to call delete_msg() on all or specific users to prevent accidental deletion of messages when the local policy it to never delete any mail. | ||
schema_0_9_10_grants.txt · Last modified: 2008/11/08 18:02 by daniel