* KaiGai Kohei (kaigai@kaigai.gr.jp) wrote:
> As I noted in the reply to Stephen Frost, "what should be controled"
> (e.g, ALTER TABLE) and "how to check it" (e.g, ownership based control)
> are different things.
>
> If we go on the direction to restructure the current aclcheck mechanism
> and to integrate entry points of security features into a single file,
> I really really want an implementation independent layer which focuses
> on access controls.
I think that's what I'm advocating.. If, by that, you mean we should do
it in a separate file from aclchk.c, I'm not against that. It would
likely mean moving some things *from* aclchk.c into it, and then just
using aclchk.c for "helpers" to support the PG permissions. I'm not
sure which way would be "easier" to handle in terms of patch review,
etc..
Thanks,
Stephen
