Re: [PATCH] DefaultACLs - Mailing list pgsql-hackers

From Petr Jelinek
Subject Re: [PATCH] DefaultACLs
Date
Msg-id 4A68DC9B.8080008@pjmodos.net
In response to Re: [PATCH] DefaultACLs  (Peter Eisentraut <peter_e@gmx.net>)
Responses Re: [PATCH] DefaultACLs  (Nikhil Sontakke <nikhil.sontakke@enterprisedb.com>)
List pgsql-hackers
Peter Eisentraut wrote:
> On Thursday 23 July 2009 06:26:05 Petr Jelinek wrote:
>> I'd still like to have opinion from one of the committers on "the
>> VIEW problem" which also affects grant on all patch (see
>> http://archives.postgresql.org/pgsql-hackers/2009-07/msg00957.php) and
>> I fear "returned with feedback" might prevent that until next commit fest.
>
> I see potential for confusion in that GRANT ON TABLE x works if x is a base
> table or a view, but GRANT ON ALL TABLES would not affect views.  Maybe you
> need to make up a different syntax to affect only base tables, e.g., GRANT ON
> ALL BASE TABLES.

That's not what I mean; the problem is what is the best way of handling the views in implementation itself (there were IIRC 3 possible solutions devised and I don't think we have consensus on which is better).

In short,
1. add ACL_OBJECT_VIEW into GrantObjectType enum and track that inside code
2. create new enum with table, view, function and sequence objects in it (that works well for DefaultACLs but not for GRANT ON ALL)
3. add some boolean into GrantStmt that would indicate that relation is a view (that works for GRANT ON ALL but does not solve anything for DefaultACLs)

Currently DefaultACLs patch uses method 2 (because Stephen does not like method 1) and GRANT ON ALL patch uses method 1 and it might be better if both patches use only one of those.

If we went with method 1 we probably should just ditch GrantObjectType altogether and work with subset of ObjectType as other commands do (I haven't found any reason for GrantObjectType to exist other than having single object type for both TABLE and VIEW).

And if we choose not to use method 1 then we should probably go with 2 for DefaultACLs and 3 for GRANT ON ALL. That is unless somebody has a better solution.

-- 
Regards
Petr Jelinek (PJMODOS)
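
Added example, not part of the original message or of either patch: a PostgreSQL session showing the behaviour Peter Eisentraut describes, that GRANT ... ON TABLE accepts a view, and the catalog column (pg_class.relkind) that tells the two apart when auditing what a grant touched. The schema, table, view and role names are constructed for illustration.

```sql
-- Constructed demo objects; everything is rolled back at the end.
BEGIN;

CREATE ROLE acl_demo_reader NOLOGIN;
CREATE SCHEMA acl_demo;

CREATE TABLE acl_demo.orders (
    id       int PRIMARY KEY,
    customer text,
    total    numeric
);

CREATE VIEW acl_demo.order_totals AS
    SELECT customer, sum(total) AS total
    FROM acl_demo.orders
    GROUP BY customer;

-- The TABLE keyword does not restrict the target to base tables:
-- a view name is accepted here as well.
GRANT SELECT ON TABLE acl_demo.order_totals TO acl_demo_reader;

-- Audit query: list every base table ('r') and view ('v') in the schema
-- and whether the role now holds SELECT on it. Only the view was granted,
-- so the base table underneath it stays closed to the role.
SELECT c.relname,
       CASE c.relkind WHEN 'r' THEN 'base table'
                      WHEN 'v' THEN 'view' END AS kind,
       has_table_privilege('acl_demo_reader', c.oid, 'SELECT') AS reader_can_select,
       c.relacl
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'acl_demo'
  AND c.relkind IN ('r', 'v')
ORDER BY c.relkind, c.relname;

ROLLBACK;
```

Running the same audit query before and after a bulk grant shows which relation kinds it actually changed.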
