On Mon, Aug 22, 2022 at 09:13:39PM +0200, Pavel Stehule wrote:
> po 22. 8. 2022 v 9:33 odesílatel Julien Rouhaud <rjuju123@gmail.com> napsal:
>
> >
> > - you define new AclMode READ and WRITE. Those bits are precious and I
> > don't
> > think it's ok to consume 2 bits for session variables, especially since
> > those
> > are the last two bits available since the recent GUC access control patch
> > (ACL_SET and ACL_ALTER_SYSTEM). Maybe we could existing INSERT and
> > UPDATE
> > privileges instead, like it's done for sequences?
> >
> >
> I have not a strong opinion about it. AclMode is uint32 - so I think there
> are still 15bites reserved. I think so UPDATE and SELECT rights can work,
> but maybe it is better to use separate rights WRITE, READ to be stronger
> signalized so the variable is not the relation. On other hand large objects
> use ACL_UPDATE, ACL_SELECT too, and it works. So I am neutral in this
> question. Has somebody here some opinion on this point? If not I'll modify
> the patch like Julien proposes.
Actually no, because AclMode is also used to store the grant option part. The
comment before AclMode warns about it:
* The present representation of AclItem limits us to 16 distinct rights,
* even though AclMode is defined as uint32. See utils/acl.h.
