Q. I have a schema similar to the following:
member |— id |— display name |— picture member_role |— id (1, 2, 3, 4) |— description (admin, author, user, guest) member_account |— id |— member_id (internally references member.id) |— email |— password |— role_id (internally references member_role.id) articles |— id |— title |— body |— author_id (internally references member.id) function=accessTo: - register=guest, - login=guest, - create_article=admin,author - delete_article=admin,author - view_article=admin,author,user - delete_member=admin,current user
And I would like to limit what a member can access/execute as an additional internal security measure. Should I mix Tarantool access control with my own schema? (2018)
A. You can use
setuid to protect access to your data.
Create your schema under user A. Create
setuid functions that provide just the right access. Grant user B execute privileges on these functions. Do not set a password for user A - otherwise, no one will be able to authenticate as A. Set a password for user B.