Home > mailing lists

Re: GRANT/REVOKE: Allow column-level privileges - Mailing list pgsql-hackers

From	kevin brintnall
Subject	Re: GRANT/REVOKE: Allow column-level privileges
Date	January 29, 2006 18:30:26
Msg-id	20060129193023.GA39448@rufus.net Whole thread Raw
In response to	Re: GRANT/REVOKE: Allow column-level privileges ("William ZHANG" <uniware@zedware.org>)
Responses	Re: GRANT/REVOKE: Allow column-level privileges (Euler Taveira de Oliveira <eulerto@yahoo.com.br>)
List	pgsql-hackers

Tree view

On Thu, Jan 26, 2006 at 10:25:40PM +0800, William ZHANG wrote:
> 
> I think we should pay attention to the sematic of table privs and column
> privs.
> Here is some examples.
> 
> 1. role1 GRANT table priviledge SELECT on table S to role2.
>     role1 REVOKE column priviledge SELECT on column S(SNO) from role2.

As I understand the SQL spec, the first (table-level) GRANT you specified
would be equivalent to repeating an appropriate column-level GRANT for
every column of S.  My thought was to check the column privs and apply
this logic:
if user matches an acl for the column    .. and priv is granted, then permit    .. else priv is not granted, rejectelse
fallthrough to table privileges

> 2. deal with circles in GRANT graph.

Can you give an examle for how this is any different for column-level
GRANTs?

-- kevin brintnall =~ <kbrint@rufus.net>

pgsql-hackers by date:

From: Tony Caduto
Date: 29 January 2006, 18:24:37
Subject: Re: Question about postgresql-8.1.2-1-binaries-no-installer.zip(win32)

From: "Mark Woodward"
Date: 29 January 2006, 18:51:08
Subject: Re: Want to add to contrib.... xmldbx

Re: GRANT/REVOKE: Allow column-level privileges - Mailing list pgsql-hackers

Previous

Next