Re: Open items - Mailing list pgsql-hackers
| From | Stephen Frost |
|---|---|
| Subject | Re: Open items |
| Date | |
| Msg-id | 20050629194354.GZ24207@ns.snowman.net Whole thread Raw |
| In response to | Re: Open items (Tom Lane <tgl@sss.pgh.pa.us>) |
| Responses |
Re: Open items
|
| List | pgsql-hackers |
* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Stephen Frost <sfrost@snowman.net> writes:
> > ... We really should also support SET ROLE. Perhaps if I have
> > time I'll go through the SQL spec looking at the specific requirements
> > of 'Basic Role Support' and 'Extended Role Support' and come up with
> > what we've got, what we're missing, and then we can decide which are
> > features, which are bugfixes, and what we can claim in the docs.
>
> Yes, that'd be a fine thing to do.
Here's the results of this. I think we're pretty close to having both
"Basic roles" and "Extended roles" personally. For 'Basic roles' we
need SET ROLE and some information schema tables. For 'Extended roles'
I think we need '<default option> CURRENT_ROLE' (if this isn't already
taken care of because CURRENT_ROLE is a function?), REVOKE ROLE w/
CASCADE drop behavior. There were a few other things in 'Extended
roles' that I didn't entirely follow but think we probably meet or would
meet with the above mentioned items...
Here's the complete list. * = Already supported, ? = Might be
supported, others are to-do items.
Basic roles, Feature T331 * <role name> * CREATE ROLE * GRANT ROLE * DROP ROLE * REVOKE ROLE SET ROLE
INFORMATION_SCHEMA.ADMINISTRABLE_ROLE_AUTHORIZATIONSINFORMATION_SCHEMA.APPLICABLE_ROLES
INFORMATION_SCHEMA.ENABLED_ROLESINFORMATION_SCHEMA.ROLE_COLUMN_GRANTS INFORMATION_SCHEMA.ROLE_ROUTINE_GRANTS
INFORMATION_SCHEMA.ROLE_TABLE_GRANTSINFORMATION_SCHEMA.ROLE_TABLE_METHOD_GRANTS INFORMATION_SCHEMA.ROLE_USAGE_GRANTS
INFORMATION_SCHEMA.ROLE_UDT_GRANTS INFORMATION_SCHEMA.ADMIN_ROLE_AUTHS INFORMATION_SCHEMA.ROLE_ROUT_GRANTS
Extended roles, Feature T332 (Implies Basic roles) ? <default option> CURRENT_ROLE * CURRENT_ROLE * CREATE ROLE w/
ADMINOPTION * REVOKE ROLE w/ <revoke option extension> GRANT OPTION FOR
(GRANTADMIN FOR?) REVOKE ROLE w/ <drop behavior> CASCADE
<revoke statement> containing <privileges> which contain an <object name> where the owner of the SQL-schema that is
specified explicitly or implicitly in the <object name> is not the current authorization identifier (superuser()?)
<revoke statement> with privilege descriptor PD which satisfies: (a) PD identifies the object identified by <object
name>simply contained in <privileges> contained in the <revoke statement> (CURRENT_ROLE?) (b) PD
identifiesthe <grantee> identified by any <grantee> simply contained in <revoke statement> and that <grantee>
doesnot identify the owner of the SQL-schema that is specified explicitly or implicitly in the <object
name>simply contained in <privileges> contained in the <revoke statement> (CURRENT_USER?) (c) PD
identifiesthe action identified by the <action> simply contained in <privileges> contained in the <revoke
statement> (<drop bahavior> ?) (d) PD indicates that the privilege is grantable (GRANT ADMIN FOR?)
Thanks,
Stephen
pgsql-hackers by date: