[Babase] how do regular users append to tables
Karl O. Pinc
kop at meme.com
Thu Dec 6 13:52:51 EST 2007
On 12/06/2007 08:24:30 AM, kfenn wrote:
> Hi Karl,
>
> Laurence and I were updating the fecal tables earlier this week and a
> few questions came up
>
> 1) the Upload program doesn't work for non admin people.
It should. Looking at, e.g., 2 tables in fecal I see that while
the admale_copy2 table has granted privileges so everybody can
do _everything_, the all_males table is only allowing the users
lgesquie and anhu to do _anything_ at all, including using
SELECT on the table. I think maybe the permissions are not
right. (To check, pick the table and use the "permissions tab"
in the "tab list" running across the top of PPA. The docs
say how to grant permissions using SQL. There may be other
ways to grant permissions in PPA, I've not looked.)
> That's
> fine, I see the security issues here.
It's up to the person who creates the table to grant
permission. I may not have thought through every upload security
issue so if you think of something let me know.
Instructions on granting permission are in the babase tech docs.
> However, how do you recommend
> non-admins append to the end of existing tables? Laurence used the
> import button to add some new fecal data but the records appeared at
> the beginning of the table and she didn't like this. I know these
> tables aren't static like they are in FoxPro, but most of them do
> appear in a certain order when you browse them. Is there any way a
> regular user can add records to the end of a table?
There is no such thing as "the end of a table". The current PPA
browse displays the rows in the order they happen to come out.
Usually they come out in the same order, but that could change
at any time. I think the right approach is to modify PPA so that
the rows browse in id number order. (Technically, an ascending
sort of the primary key. All our tables have primary keys.)
It _sounds_ easy. If we want this I can write the PPA people
and probably get something in pretty quick. (I may have a todo
item for this already and you guys just didn't realize you
really wanted it.)
FYI, for the record.
In addition to the upload program and the import PPA feature
there's also the SQL "COPY FROM" statement. All these put
data in tables. (There's also using INSERT to put the results of
a query into a table.)
>
> 2) Why wouldn't the Upload program work for me as an admin outside
> the babase schema? I tried to append to the fecal tables myself but
> couldn't get the program to let me update the fecal schema within the
> babase database. This will probably come up again with other schema:
> they may hold tables that should eventually be part of babase, but
> will be in transition for a period and will still need regular
> updates.
The person who created the table, the owner, has to grant
the admins access. See above. Note "WITH GRANT OPTION"
(http://www.postgresql.org/docs/8.1/static/sql-grant.html)
could be used when granting permissions to the admin group
(babase_admin) so that admins could then pass the permissions
on to others. But this probably does not make too much sense
because I _think_ permissions are almost always granted so
broadly in the first place that this would only make more work.
If you think we need different procedures and allowing admins
to further pass on their permissions is helpful then it might
be a matter of documenting procedure in the wiki. (Note
that "WITH GRANT OPTION" only allows a user/group to pass on
whatever permissions are being granted right there. So,
you can't pass on permissions you don't have.)
Karl <kop at meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
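
Added example, not part of the original message or the Babase docs: a PostgreSQL sketch of the permission check, the owner's grants, and the ordered browse discussed above. The role `fecal_uploaders` and the primary key column `id` are hypothetical; the table, schema, user and group names are the ones mentioned in the thread.

```sql
-- 1. Audit: list who holds which privilege on tables in the fecal schema.
--    information_schema only shows grants made by or to roles you belong to
--    (or to PUBLIC), so run this as the table owner or a superuser.
SELECT table_name, grantee, privilege_type, is_grantable
  FROM information_schema.table_privileges
 WHERE table_schema = 'fecal'
 ORDER BY table_name, grantee, privilege_type;

-- 2. Spot-check a single user against a single table.
SELECT has_table_privilege('lgesquie', 'fecal.all_males', 'INSERT');

-- 3. As the table owner: let regular users read and append, nothing more.
--    fecal_uploaders is a hypothetical group role for non-admin uploaders.
--    Schema USAGE is also required, if it has not been granted already.
GRANT USAGE ON SCHEMA fecal TO fecal_uploaders;
GRANT SELECT, INSERT ON fecal.all_males TO fecal_uploaders;

-- 4. As the table owner: give the admin group access and let admins pass on
--    exactly these privileges (and no others) to other users.
GRANT SELECT, INSERT, UPDATE, DELETE
   ON fecal.all_males
   TO babase_admin
 WITH GRANT OPTION;

-- 5. Rows have no inherent position; ask for an order explicitly.
--    "id" stands in for the table's actual primary key column.
SELECT *
  FROM fecal.all_males
 ORDER BY id;
```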