Re: [PATCH] DefaultACLs - Mailing list pgsql-hackers
From | Petr Jelinek |
---|---|
Subject | Re: [PATCH] DefaultACLs |
Date | |
Msg-id | 4AC10035.6000505@pjmodos.net Whole thread Raw |
In response to | Re: [PATCH] DefaultACLs (Tom Lane <tgl@sss.pgh.pa.us>) |
List | pgsql-hackers |
Tom Lane wrote: <blockquote cite="mid:11380.1254159141@sss.pgh.pa.us" type="cite"><pre wrap="">Petr Jelinek <a class="moz-txt-link-rfc2396E"href="mailto:pjmodos@pjmodos.net"><pjmodos@pjmodos.net></a> writes: </pre><blockquotetype="cite"><pre wrap="">[ latest version of DefaultACLs patch ] </pre></blockquote><pre wrap=""> I started looking through this patch, but found that it's not nearly ready to commit :-(. The big missing piece is that there's no pg_dump support for default ACLs. That's a bigger chunk of code than I have time/interest to write, and I don't think I want to commit the feature without it. (I'm willing to commit without tab completion or any psql \d command to show the defaults, but pg_dump just isn't optional.) </pre></blockquote><br /> Yeah I completely forgotabout pg_dump just like I did with anonymous code blocks :-(<br /><br /><blockquote cite="mid:11380.1254159141@sss.pgh.pa.us"type="cite"><pre wrap="">There is another large problem, too. The patch seems tohave only half-baked support for global defaults (those not tied to a specific schema) --- it looks like you can put them in, but half of the code will ignore them or else fail while trying to use them. This isn't just a matter of a few missed cases while coding, I think. The generic issue that the code doesn't even think about addressing is which default should apply when there's potentially more than one applicable default? As long as there's only global and per-schema defaults, it's not too hard to decide that the latter take precedence over the former; but I have no idea what we're going to do in order to add any other features. This seems like a sufficiently big conceptual issue that it had better be resolved now, even if the first version of the patch doesn't really need to deal with it. </pre></blockquote><br /> Half of the code will ignore them ? Theyare ignored if schema specific defaults were set.<br /> Yes I haven't tried to solve the problem of having non-hierarchicalfilters for defaults and if we require that then this patch is dead for (at least) this commitfest, becauseat the moment I don't even know where to begin solving this.<br /><br /><blockquote cite="mid:11380.1254159141@sss.pgh.pa.us"type="cite"><pre wrap="">Also, the GRANT DEFAULT PRIVILEGES thing just seems completelybizarre, and I'm not convinced it has a sufficient use-case to justify such a strange wart on GRANT. I think we should drop it. Or at least it needs to be proposed and discussed as a separate feature. Maybe it would seem less strange if the syntax was "RESET PRIVILEGES ON object". </pre></blockquote><br /> I vote for dropping it then.<br /><br/><pre class="moz-signature" cols="72">-- Regards Petr Jelinek (PJMODOS)</pre>
pgsql-hackers by date: