How to lock specific columns for editing for a user in PostgreSQL

How do I block certain columns from being edited, even if the user has edit access to the table, in PostgreSQL?

+3




2 answers


You can add a trigger that barfs if the forbidden column is changed:



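-- Trigger function: reject the row if the named user changed the protected column.
CREATE OR REPLACE FUNCTION cerberus() RETURNS trigger
   LANGUAGE plpgsql AS
$$BEGIN
   -- IS DISTINCT FROM treats NULL as a comparable value, so NULL <-> value changes are caught too
   IF NEW.forbiddencol IS DISTINCT FROM OLD.forbiddencol
      AND current_user = 'luser'
   THEN
      RAISE EXCEPTION '"luser" must not update "forbiddencol"';
   END IF;
   RETURN NEW;
END;$$;

-- The table is named with ON; UPDATE OF takes a column list, not a table name.
CREATE TRIGGER cerberus BEFORE UPDATE ON mytable
   FOR EACH ROW EXECUTE PROCEDURE cerberus();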

      

+1




PostgreSQL supports column security (as well as row security).

Let's call our limited role authors:



create table staff (
  name text primary key,
  salary decimal(19,4)
);

create role authors;

grant select, insert, delete, update(name) on table staff to authors;

set role authors;

insert into staff values ('frank', 100); -- works!

select * from staff; -- works!

update staff set name='jim'; -- works!

update staff set salary=999; -- permission denied

      

+3
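
The column-level grant approach applied to the situation in the question, where the role already holds table-wide UPDATE. This is an added example, not part of either answer; `staff_demo` and `authors_demo` are constructed names, and the script assumes a session that may create tables and roles.

```sql
-- Added example: constructed objects, everything is rolled back at the end.
begin;

create table staff_demo (
  name   text primary key,
  salary decimal(19,4)
);
create role authors_demo;

-- Starting point from the question: the role can edit the whole table.
grant select, insert, update, delete on staff_demo to authors_demo;

-- Weak setting: a column-level REVOKE leaves the table-level grant untouched,
-- so the role keeps UPDATE on salary through the table-wide privilege.
revoke update (salary) on staff_demo from authors_demo;

select has_column_privilege('authors_demo'::name, 'staff_demo'::regclass::oid,
                            'salary'::text, 'UPDATE') as salary_updatable_weak;

-- Corrected setting: drop the table-wide UPDATE, then grant UPDATE only on
-- the columns the role is allowed to change.
revoke update on staff_demo from authors_demo;
grant update (name) on staff_demo to authors_demo;

-- Audit: effective UPDATE privilege per column for the restricted role.
-- has_column_privilege() counts both column-level and table-level grants.
select a.attname as column_name,
       has_column_privilege('authors_demo'::name, a.attrelid, a.attnum,
                            'UPDATE') as can_update
from pg_attribute a
where a.attrelid = 'staff_demo'::regclass
  and a.attnum > 0            -- skip system columns
  and not a.attisdropped
order by a.attnum;

rollback;
```

Running the audit query against a real table after any privilege change shows whether a table-wide grant is still overriding the column restrictions.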

