Home > mailing lists

Re: [HACHERS] privilege check: column level only? - Mailing list pgsql-hackers

From	Andrew Dunstan
Subject	Re: [HACHERS] privilege check: column level only?
Date	June 5, 2007 13:56:57
Msg-id	46656B9D.40707@dunslane.net Whole thread Raw
In response to	Re: [HACHERS] privilege check: column level only? (Peter Eisentraut <peter_e@gmx.net>)
List	pgsql-hackers

Tree view

Peter Eisentraut wrote:
> Am Dienstag, 5. Juni 2007 06:39 schrieb Golden Liu:
>   
>> According to this, column privilege descriptors are created automatically
>> while table privilege descriptor is created. Then, while checking
>> privilege, can I JUST check column level privilege?
>>     
>
> While possible, for performance reasons it would probably be unwise.  Needs 
> checking.
>   

We can possibly infer their existence according to the table level 
privileges in certain cases.  But it's not clear to me how that will 
work when we change the table level privileges, nor how it works with 
revoked privileges. Do we have any provision for negative privileges? If 
not, do we need them?

cheers

andrew

pgsql-hackers by date:

From: Teodor Sigaev
Date: 05 June 2007, 13:18:41
Subject: Re: GIN, XLogInsert and MarkBufferDirty

From: Peter Eisentraut
Date: 05 June 2007, 14:05:09
Subject: CREATEROLE, CREATEDB

Re: [HACHERS] privilege check: column level only? - Mailing list pgsql-hackers

Previous

Next