Home > mailing lists

Re: Updates of SE-PostgreSQL 8.4devel patches - Mailing list pgsql-hackers

From	KaiGai Kohei
Subject	Re: Updates of SE-PostgreSQL 8.4devel patches
Date	October 15, 2008 08:11:23
Msg-id	48F5A593.40207@ak.jp.nec.com Whole thread Raw
In response to	Re: Updates of SE-PostgreSQL 8.4devel patches (Bruce Momjian <bruce@momjian.us>)
Responses	Re: Updates of SE-PostgreSQL 8.4devel patches
List	pgsql-hackers

Tree view

Bruce Momjian wrote:
> I think we could use row-level access control to prevent people from
> seeing databases they should not see in pg_database.

The row-level database ACL which I submitted yesterdat does not allow
to assign ACLs to tuples within system catalogs (like pg_database),
because it is unclear who should be the owner of tuples.

As I noted at the previous message, it considers the owner of the table
as the owner of the tuples due to several reasons. However, some of system
catalogs have its owner field like "pg_proc.proowner".
This limitation is not a fundamental one, so we can remove it soon.

But, who should be the owner of tuples within system catalogs which have
some kind of "owner" field.

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>

pgsql-hackers by date:

From: Simon Riggs
Date: 15 October 2008, 07:27:19
Subject: Re: CLUSTER, REINDEX, VACUUM in "read only" transaction?

From: "Laurent Wandrebeck"
Date: 15 October 2008, 08:22:12
Subject: Column level triggers

Re: Updates of SE-PostgreSQL 8.4devel patches - Mailing list pgsql-hackers

Previous

Next