AW: Proposal for enhancements of privilege system - Mailing list pgsql-hackers

From Zeugswetter Andreas SB
Subject AW: Proposal for enhancements of privilege system
Date
Msg-id 219F68D65015D011A8E000006F8590C604AF7DB3@sdexcsrv1.f000.d0188.sd.spardat.at
Whole thread Raw
Responses Re: AW: Proposal for enhancements of privilege system
Re: AW: Proposal for enhancements of privilege system
List pgsql-hackers
> > Imho this is an area where it does make sense to look at what other
> > db's do, because it makes the toolwriters life so much easier if pg
> > behaves like some other common db.
> 
> The defined interface to the privilege system is GRANT, REVOKE, and
> "access denied" (and a couple of INFORMATION_SCHEMA views, 
> eventually).
> I don't see how other db's play into this.

Of course the grant revoke is the same. But administrative tools usually
allow you to dump schema, all rights, triggers ... for an object and thus
need 
access to the system tables containing the grants.

> 
> > Other db's usually use a char array for priaction and don't have
> > priisgrantable, but code it into priaction. Or they use a bitfield.
> > This has the advantage of only producing one row per table.
> 
> That's the price I'm willing to pay for abstraction, 
> extensibility, and
> verifyability. But I'm open for better ideas.

Imho this is an area that is extremly sensitive to performance,
the rights have to be checked for each access.

Andreas


pgsql-hackers by date:

Previous
From: Philip Warner
Date:
Subject: Rename database?
Next
From: Peter Vazsonyi
Date:
Subject: Re: Re: [GENERAL] SPI & file locations