Postgres Pro
Downloads
Home   >   mailing lists

Re: New patch for Column-level privileges - Mailing list pgsql-hackers

From Markus Wanner
Subject Re: New patch for Column-level privileges
Date
Msg-id 4960F209.2060700@bluegap.ch
Whole thread Raw
In response to Re: New patch for Column-level privileges  (Stephen Frost <sfrost@snowman.net>)
Responses Re: New patch for Column-level privileges  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
Tree view 
Hello Stephen,

Stephen Frost wrote:
> I'm going to look into it but it's a bit complicated.  I was hoping
> someone who's more familiar with those parts would be able to look at
> it.

Good to hear. I've just been asking, because it remained unclear to me.

> I don't think that's the right approach, but I'll look into it.  I ran
> into a similiar issue though, and I don't believe it's too hard to fix
> (the issue here is that the REVOKE needs to remove the column-level grant
> as well).  I'll try and look into it tonight or tomorrow.

Cool, because that's the biggest issue, IMO.

>> test=# GRANT UPDATE(xmin) ON test TO joe;
>> GRANT
>> test=# GRANT INSERT(xmin) ON test TO joe;
>> GRANT
> 
> Hmm, ok, that's easy enough to fix.
> 
>> [ Note that user joe can INSERT or UPDATE tuples of relation test even
>> without those column level privileges, as long as he is allowed to
>> INSERT or UPDATE the affected non-hidden columns. ]
> 
> Right, that's correct.  You don't need table-level permissions so long
> as you have permissions on the columns you're trying to select/modify.

I was trying to check, if these privileges on hidden columns have any
effect. So far I didn't encounter any, except for SELECT.

>> Some minor nit-picks: some lines exceed 80 columns, multi-line comments
>> don't follow coding standards.
> 
> Hrmpf.  I'll go back and review the coding standards..  I don't recall
> that 80 column was a fixed limit.

Hm.. sorry, looks like it's not mentioned in the docu. I'm pretty sure
pgindent strips lines to something below 80 columns, though. (And I'm
personally used to terminals with exactly 80 cols, so everything longer
than  is not easy to my eyes, thus the complaint. Don't bother much).

>> BTW: how are long constant strings expected to be formatted? Are those
>> allowed to exceed 80 columns, or are they expected to be split like so
>> (i.e. for errmsg):
>>
>>   "Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed "
>>   "do eiusmod tempor incididunt ut labore et dolore magna aliqua."
> 
> Honestly, I think I've seen both done.

Yeah, that's why I'm asking.

Regards

Markus Wanner

pgsql-hackers by date:

Previous
From: Andrew Dunstan
Date:
Subject: Re: parallel restore
Next
From: Simon Riggs
Date:
Subject: Re: parallel restore