KaiGai Kohei wrote:
> One matter was "use" permission, but I can agree to integrate
> it into "select" permission as the original design did.
Ok, great.
> The other is view. When we use a view in the query, it is extracted
> as a subquery and its query tree is fetched from pg_rewrite.ev_action
> which is already parsed. It means we need to ensure the parsed
> representation is not manipulated. The simplest solution is to prevent
> updating the pg_rewrite.ev_action by hand when SE-PostgreSQL is enabled.
Agreed. If SE-PostgreSQL is enabled, you need to forbid manual updates
to a lot of catalog tables. This is just another case of the same.
> I think smaller hard-wired rules are better, but it is a very corner-case
> and its benefit cannot be ignored.
> - It enables reducing the "walker" code in sepgsql/checker.c.
> (I guess it reduces it by a few hundred lines.)
> - It helps to maintain code to pick up what tables/columns are
> accessed.
>
> If nobody disagrees with it, I'll integrate "use" permission into "select" and
> remove the "walker" code from sepgsql/checker.c by next Monday.
> It affects sepgsql/checker.c, but I expect few changes to others.
> I'm happy if you don't stop reviewing patches except for checker.c.
Sounds good, though I'm not 100% sure I understood what you're going to
replace the walker with. Seeing the patch will surely enlighten that :-).
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com