[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Gnumed-devel] Re: for your perusal

From: Syan Tan
Subject: [Gnumed-devel] Re: for your perusal
Date: Thu, 25 May 2006 19:20:46 +0800

if I login as postgres user , and in psql  do  " create lang 'plpgsql'  ", it seems to work.

maybe the boostrap language  function should catch on first failure, and attempt the above.;

On Wed May 24 14:03 , Karsten Hilbert sent:

On Tue, May 23, 2006 at 11:45:09PM +1000, syan tan wrote:

> I suppose it depends on whether you are going to allow
> inserts into clin_narrative where importers specifically
> specify a particular pg_user,

> or make all imports always
> the current user,
Yes. SESSION_USER, that is, even in spite of SECURITY DEFINER.

Using SECURITY DEFINER would entail allowing write access to
the log tables to *any* user. Which sounds an awful lot like

> in which case importers have to use
> set session authorization,
Or rather connect as those users.

> unless you will allow another
> field to specify an original author for importers, and keep
> modified_by for the particular user the importer is invoked
> under.
The latter. If you are hell-bent to get the original author
into modified_by (which isn't really the truth in technical
terms) you need to go all the way for the fake to work
(create and connect as that user, that is).

To my understanding this is necessary to make auditing worth
it's while at all.

GPG key ID E4071346 @
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346

reply via email to

[Prev in Thread] Current Thread [Next in Thread]