Thu Oct 2 07:44:57 PDT 2008
- Previous message: [Slony1-general] Method for discovering the origin of a set
- Next message: [Slony1-general] Method for discovering the origin of a set
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Bill Moran <wmoran at collaborativefusion.com> writes: > I'm trying to do this: > SELECT set_origin FROM sl_set > > which works fine _IF_ I have superuser privs, but I need normal users > to be able to query the database to see if they're talking to a master > or a slave system (I know there are other ways to do this, such as > BEGIN; DELETE FROM replicated_table; ROLLBACK, but those methods > generate tons of errors that flood our error management systems, and > then require all sorts of other complexity to manage) > > Before I issue a GRANT to allow select rights on that table to anyone > who tries, my questions are: > * Is there any inherent danger in allowing SELECT on that table to > normal users? I wouldn't think so; there's not much sensitivity to that data. If you wanted to be paranoid, there, you might create a stored function to do the determination, and define it as a SECURITY DEFINER (e.g. - roughly equivalent to sudo). Actually, that's not too awfully paranoid; seems like a pretty good idea, actually. > * Is there a better way (I looked for a store procedure, such as > getlocalnodeid(), but if it exists, I'm not seeing it in the docs) There is a function, getLocalNodeId(); it's implemented in C, so it's not totally visible :-). -- ---------------------------------------------------------------------- -- FUNCTION getLocalNodeId (name) -- -- -- ---------------------------------------------------------------------- create or replace function @NAMESPACE at .getLocalNodeId (name) returns int4 as '$libdir/slony1_funcs', '_Slony_I_getLocalNodeId' language C security definer; grant execute on function @NAMESPACE at .getLocalNodeId (name) to public; comment on function @NAMESPACE at .getLocalNodeId (name) is 'Returns the node ID of the node being serviced on the local database'; -- let name="cbbrowne" and tld="linuxfinances.info" in name ^ "@" ^ tld;; http://linuxdatabases.info/info/lisp.html A LISP programmer knows the value of everything, but the cost of nothing. -- Alan J. Perlis
- Previous message: [Slony1-general] Method for discovering the origin of a set
- Next message: [Slony1-general] Method for discovering the origin of a set
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Slony1-general mailing list