Peter Eisentraut wrote:
> pg_privilege (
> priobj oid,
> prigrantor oid,
> prigrantee oid,
> priaction char,
> priisgrantable boolean,
>
> primary key (priobj, prigrantee, priaction)
> )
>
I like it.
> The straightforward choice would be to store a single reference to
> pg_class when the privilege describes the whole table, and
> pg_attribute references when only specific columns are named. That
> would mean the lookup routine will first look for a pg_class.oid entry
> and, failing that, then for possible pg_attribute.oid entries for the
> columns that it's interested in. This is of course suboptimal when no
> privilege exists in the first place but that is not necessarily the case
> we're optimizing for.
Don't worry about performance for the access denied case. That is going
to be outweighed 1000:1 by the access allowed case. Go for the clean
solution.
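
The two-step lookup discussed above, as an added example that is not part of the original thread or of PostgreSQL's source: probe for a table-level row first and, failing that, require a row for every requested column. The OIDs, the action codes 'r' and 'w', and the names priv_find and priv_check are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
typedef unsigned int Oid;
/* One row of the proposed pg_privilege catalog. */
typedef struct {
    Oid  priobj;         /* pg_class.oid (whole table) or pg_attribute.oid (column) */
    Oid  prigrantor;
    Oid  prigrantee;
    char priaction;      /* constructed codes: 'r' = SELECT, 'w' = UPDATE */
    bool priisgrantable;
} PrivRow;

/* Constructed rows: table 1000 has columns 2001, 2002, 2003. */
static const PrivRow pg_privilege[] = {
    {1000, 10, 20, 'r', false},  /* role 20: SELECT on the whole table */
    {2001, 10, 30, 'r', false},  /* role 30: SELECT on two columns only */
    {2002, 10, 30, 'r', true},
    {2001, 10, 30, 'w', false},  /* role 30: UPDATE on one column */
};
#define NROWS (sizeof pg_privilege / sizeof pg_privilege[0])

/* Probe on the primary key (priobj, prigrantee, priaction). */
static const PrivRow *priv_find(Oid obj, Oid grantee, char action)
{
    for (size_t i = 0; i < NROWS; i++)
        if (pg_privilege[i].priobj == obj && pg_privilege[i].prigrantee == grantee &&
            pg_privilege[i].priaction == action)
            return &pg_privilege[i];
    return NULL;
}

/* Table-level row first; failing that, every requested column needs a row. */
bool priv_check(Oid relid, const Oid *atts, size_t natts, Oid grantee, char action)
{
    if (priv_find(relid, grantee, action))
        return true;              /* allowed case: a single probe */
    for (size_t i = 0; i < natts; i++)
        if (!priv_find(atts[i], grantee, action))
            return false;         /* one uncovered column denies the request */
    return natts > 0;             /* no columns named and no table row: deny */
}

int main(void)
{
    Oid cols[] = {2001, 2003};
    printf("role 30 SELECT(2001,2003): %d\n", priv_check(1000, cols, 2, 30, 'r'));
    return 0;
}
```

The allowed whole-table case costs one probe; only requests without a table-level grant pay for the per-column probes.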