PostgreSQL: Permission to execute function (that inserts into a table) but no permission to insert directly

database-administrationpermissionspostgresql

Sorry if this is the wrong place to ask this question.

I have created a function that inserts values into many tables, and I want the web front-end to execute this function. I have granted execute permission to the web front-end's login role, but I do not want the web front-end code to be able to insert values directly into the tables, I want the web front-end to use only the function that I have created for this purpose.

If I grant execute permission for the web front-end's login role but I do not grant insert permissions on the tables that are inserted into within the function, then an access error occurs.

How can I go about this?

Best Answer

You have to have another role, that has privileges to write directly to tables. Then you create the function using this another role, and add to function definition "SECURITY DEFINER" clause. And then you grant execute on this function to your web role.

You can read more about it in documentation.

You might also want to check blog post that I once wrote about securing database.

Related Solutions

Security – Deny Stored Procedure Data Modification by User Security

That comment on MSDN simply means that there are some situations (such as sometimes when using dynamic SQL) where granting a user EXECUTE on the stored procedure will not necessarily be enough to allow them to execute it.

What you want cannot be done - if they are able to run a stored procedure, they will be able to do whatever the stored procedure does - INSERT, DELETE, UPDATE, whatever. Even SELECTs can make changes via SELECT INTO. And there's always temporary tables or table variables to complicate any attempts to identify a list of safe/unsafe sps.

My advice is to narrow down as much as possible what the read-only user should actually need to read, create a db role with EXECUTE permissions to just those objects, and start from there. And I hope you've not been giving EXECUTE permissions to the Public role, because if so you'll have to DENY EXECUTE on all the other stored procedures as well.

Postgresql – How to create a PostgreSQL web application user with limited privileges as easy as possible

Mass GRANT/REVOKE is only available on PostgreSQL 9.0+.

Instead, you can create the functions pg_grant() and pg_revoke() found at http://blog.bhushangahire.net/2009/06/17/grant-privileges-to-all-tables-in-a-database-for-postgresql/

The parameters to both functions are:

User Role
Permissions
Object name, may be a pattern. "%" affects all objects
Schema name

You will need to run the command on each database and each schema. The syntax looks like this:

SELECT pg_grant('web_user','SELECT,INSERT,UPDATE,DELETE','%','public');

If you like, you may be able to change this line in the function definition:

nspname = $4 AND

to this:

nspname like $4 AND

in order to be able to specify schema as a wildcard, but I haven't tested it.

Best Answer

Related Solutions

Security – Deny Stored Procedure Data Modification by User Security

Postgresql – How to create a PostgreSQL web application user with limited privileges as easy as possible

Related Topic