We need to implement row-level security policy for a PostgreSQL View. Is there any option to do this?
Thank You
CREATE VIEW
view_own_log
AS SELECT
these,
fields,
only
FROM
restricted_log_table
WHERE
username=user;
user is the logged on user.
You can create more sophisticated WHERE clauses if needed. Have the table access limited to minimum and use GRANT to give access to the view.
Related
i'm new in oracle apex. I want to make a custom authorization based on the user role (manager or employee). I have make an UI for the manager to custom the access role based on the user role when the user click on the checkbox and when click save button (not working for now), the user must be able to access the form based on their access. Anyone know how to do that? Please help. Thank you
The custom access form
This is a very broad question, hard to answer in a single answer. I can give you some form of direction but not a detailed answer:
This is a form of a roles/responsibilities implementation. A user gets a role (employee) but in the application every functionality is tied to a responsibility (eg time sheet, user profile). This is one way to implement this:
create a user/role mapping table. A user has a row for every role he has, eg User "John" has role "Employee"
create a role/responsibility mapping table. One row for every responsibility that is granted to a role. This table will be populated from the screen that you posted the screenshot for
create one authorization scheme in the application for every responsibility you create (one for time sheet, one for user profile, etc). In this authorization scheme you check if there is a row for the current user joined to the user/role mapping table and to the role/responsibility mapping table
I have a table in my snowflake account with row access policy enabled to restrict access based on let's say 'region'.
Now , if i want to share this table to a reader account , how can I achieve that ?
I tried creating a secure view following the doc - https://docs.snowflake.com/en/user-guide/data-sharing-secure-views.html#sample-setup-and-tasks
However, when I select rows on the secure view via reader account, I do not see any rows though I added an entry for sharing_access.
When I tried the same with a table without row access policy , it works fine.
So was wondering if there is any limitation/restriction of using row access policy with secure shares ?
If you are asking whether you can share a secure view that references a table that has row access policies, the answer is yes. However, the row access policy must include an INVOKER_SHARE type of reference in order for the consumer to see any data. If your current row access policy only includes provider roles, then the consumer will not see any data.
Here is a brief reference in the documentation:
https://docs.snowflake.com/en/user-guide/security-row-intro.html#data-sharing
Data sharing consumers cannot apply a row access policy to a shared table or view. As a workaround, import the shared table or view and then apply the row access policy to a local view that queries the shared table or view.
Is it possible to stop stakeholders or users from a particular group from creating their own queries and only allowing them to run shared queries?
According to the documentation,
All users can create and edit their own queries and save them under My Queries.
From the security chart for queries:
It appears that the only way to restrict this is to remove your stakeholders from the Contributors group and add them to the Readers group, which is probably too restrictive for you.
As far as I know, I am afraid that there is no such method could restrict users from creating My Queries.
According to the doc:
All users can create and edit their own queries and save them under My Queries. Only you can view queries saved under your My Queries space.
First of all, the stakeholder role is the necessary permission to access the organization (the lowest).
This role still has the permission to create anad save My Queries.
Based on my test, when adding a stakeholder role user to the Project Readers Group, the user still could have permission to create query to My Query.
On the other hand, I suggest that you could create a suggestion tikcet in Our UserVoice Site to report this feature.
I am using Tableau 10.1.1.
There is one report that I need to block most of the user and allow access to only very select subset of users. How can this be done in Tableau?
Thanks!
Create a group for the select subset of users (see Add Users to a Group) and then grant access to only that group (see Permissions Reference).
I wonder if there is a possibility to hide tables from a certain user, not just revoking access to them.
Basically what needs to be done is to grant a user read-only access to the DB, but hide some tables from him.
I tried to revoke all privileges from schema public but to no avail.
So far you can not hide Postgres System Catalogs. Meaning you can not hide metadata.
The user can still see the structure, but can not access them if not granted access.
If you want to grant specific permissions to specific users you can use VIEWS.
https://www.tutorialspoint.com/postgresql/postgresql_views.htm