Home > mailing lists

Re: [PATCH] DefaultACLs - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: [PATCH] DefaultACLs
Date	September 29, 2009 13:40:52
Msg-id	603c8f070909290640h4384e645r4a299dbd7f6dddbd@mail.gmail.com Whole thread Raw
In response to	Re: [PATCH] DefaultACLs (Stephen Frost <sfrost@snowman.net>)
Responses	Re: [PATCH] DefaultACLs
List	pgsql-hackers

Tree view

On Mon, Sep 28, 2009 at 11:47 PM, Stephen Frost <sfrost@snowman.net> wrote:
> * Robert Haas (robertmhaas@gmail.com) wrote:
>> > One potential trouble spot is that presumably the built-in default
>> > privileges (eg, PUBLIC EXECUTE for functions) would *not* cumulate
>> > with user-specified defaults.
>>
>> Why not?
>
> How would you have a default that says "I *don't* want public execute on
> my new functions"?

Hmm...

Maybe instead of having built-in default privileges, we could view
each user as having their global default ACL pre-initialized to that
same set of privileges (of course we needn't store it unless and until
they modify it).  Then they could add to those or take away from them,
plus add additional privileges at other levels.

...Robert

pgsql-hackers by date:

From: Gurjeet Singh
Date: 29 September 2009, 13:08:11
Subject: Re: Rejecting weak passwords

From: Robert Haas
Date: 29 September 2009, 13:42:12
Subject: Re: [PATCH] Reworks for Access Control facilities (r2311)

Re: [PATCH] DefaultACLs - Mailing list pgsql-hackers

Previous

Next