Re: Google SoC: column-level privilege subsystem - Mailing list pgsql-hackers

From August Zajonc
Subject Re: Google SoC: column-level privilege subsystem
Date
Msg-id 462EED8B.4000004@augustz.com
Whole thread Raw
In response to Re: Google SoC: column-level privilege subsystem  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
Tom Lane wrote:
> "Robert Haas" <Robert.Haas@dyntek.com> writes:
> ...
>   
>>> IF this will be implemented as suggested here, it will become
>>> extremely counter-intuitive.
>>>       
> ...
>   
>> You could solve this by having explicit positive and negative ACLs, i.e.
>> your permissions for a particular column are:
>>     
>
> Uh, wait a moment, people.  The proposed project is to implement a
> capability that is fully, 100% specified by the SQL standard.  There
> is zero scope for API invention here.  You read the spec, you do
> what it says.
>
>   
I did read the spec. My suggestion still stands. Because this is a 
non-standard construct in the security world (which generally does && 
when combining attributes) the fact that revoking permissions on a 
column does nothing unless table exist deserves being documented.

I couldn't find the detail on the rest in the spec (what section is that 
in?) but I know Oracle allows inserts to happen if the columns without 
privilege are null or have a default value. Am I missing something 
obvious in the spec that describes this explicitly?

- August




pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: Google SoC: column-level privilege subsystem
Next
From: Jeremy Drake
Date:
Subject: Re: tsearch2 in 8.3