Re: Proposal: access control jails (and introduction as aspiring GSoC student) - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: Proposal: access control jails (and introduction as aspiring GSoC student)
Date
Msg-id 20100322140357.GU21875@tamriel.snowman.net
Whole thread Raw
In response to Re: Proposal: access control jails (and introduction as aspiring GSoC student)  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: Proposal: access control jails (and introduction as aspiring GSoC student)
List pgsql-hackers
* Robert Haas (robertmhaas@gmail.com) wrote:
> Sometimes it would be nice to conditionalize queries on a value other
> than the authenticated role.  I really wish we had some kind of SQL
> variable support.  Talking out of my rear end:

I certainly agree- having variable support in the backend would
definitely be nice.  I'd want it to be explicit and distinct from GUCs
though, unlike the situation we have w/ psql right now.  All that said,
I'm not really a huge fan of write-your-own-authorization-system in
general.  If the existing authorization system isn't sufficient for what
you want, then let's improve it.  There may be specific cases where
what's needed is particularly complex, but that's what security definer
functions are for..
Thanks,
    Stephen

pgsql-hackers by date:

Previous
From: Robert Haas
Date:
Subject: Re: Comments on Exclusion Constraints and related datatypes
Next
From: Tom Lane
Date:
Subject: Re: Comments on Exclusion Constraints and related datatypes