Managing Model Security
You can manage the security privileges on your models by using the GRANT and REVOKE statements. The following examples show how you can change privileges on user1 and user2 using the faithful
table using the linearReg model.
- In the following example, the dbadmin grants the SELECT privilege to user1:
- Then, the dbadmin grants the CREATE privilege on the public schema to user1:
- Connect to the database as user1:
- As user1, build the linearReg model:
=> GRANT SELECT ON TABLE faithful TO user1;
GRANT PRIVILEGE
=> GRANT CREATE ON SCHEMA public TO user1; GRANT PRIVILEGE
=> \c - user1
=> SELECT LINEAR_REG('linearReg', 'faithful', 'waiting', 'eruptions');
LINEAR_REG
---------------------------
Finished in 1 iterations
(1 row)
- As user1, grant USAGE privileges to user2:
=> GRANT USAGE ON MODEL linearReg TO user2; GRANT PRIVILEGE
- Connect to the database as user2:
=> \c - user2
- To confirm privileges were granted to user2, run the SUMMARIZE_MODEL function. A user with the USAGE privilege on a model can run SUMMARIZE_MODEL on that model:
=> SELECT SUMMARIZE_MODEL('linearReg'); summarize_model --------------------------------------------------------------------------------------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------------------------------------------------------------------------------------- coeff names : {Intercept, eruptions} coeffecients: {33.47439702, 10.7296414} std_err: {1.155, 0.3148} t_value: {28.99, 34.09} p_value: {< 1e-20, < 1e-20} Number of iterations: 1, Number of skipped samples: 0, Number of processed samples: 272 Call:linear_reg('linearReg', 'faithful', '"waiting"', 'eruptions' USING PARAMETERS optimizer='newton', epsilon=1e-06, max_iterations=100) (1 row)
- Connect to the database as user1:
=> \c - user1
- Then, you can use the REVOKE statement to revoke privileges from user2:
=> REVOKE USAGE ON MODEL linearReg FROM user2;
REVOKE PRIVILEGE
- To confirm the privileges were revoked, connect as user 2 and run the SUMMARIZE_MODEL function:
=> \c - user2
=>SELECT SUMMARIZE_MODEL('linearReg'); ERROR 7523: Problem in summarize_model. Detail: Permission denied for model linearReg