Re: Proposal: access control jails (and introduction as aspiring GSoC student) - Mailing list pgsql-hackers

From Robert Haas
Subject Re: Proposal: access control jails (and introduction as aspiring GSoC student)
Date
Msg-id 603c8f071003231851s1c50687eq107bc7b347a1bd8f@mail.gmail.com
Whole thread Raw
In response to Re: Proposal: access control jails (and introduction as aspiring GSoC student)  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Proposal: access control jails (and introduction as aspiring GSoC student)
List pgsql-hackers
On Tue, Mar 23, 2010 at 8:30 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Robert Haas <robertmhaas@gmail.com> writes:
>> On Tue, Mar 23, 2010 at 8:16 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>> My first thought about a catalog representation would be to add a column
>>> to pg_auth which is a DB OID for local users or zero for global users.
>>> However, you'd probably want to prevent local users and global users
>>> from having the same names, and it's not very clear how to do that
>>> with this representation (though that'd be even worse with separate
>>> catalogs).  I guess we could fall back on a creation-time check (ick).
>
>> Could we use a suitably defined exclusion constraint?
>
> Not unless you'd like to solve the issues with triggers on system
> catalogs first ...

Urp.  Not really, though I don't know what they are exactly.  I didn't
think exclusion constraints depended on triggers.  UNIQUE constraints
work on system catalogs, right?

...Robert


pgsql-hackers by date:

Previous
From: Fujii Masao
Date:
Subject: Re: Mismatch in libpqwalreceiver
Next
From: Fujii Masao
Date:
Subject: Re: [COMMITTERS] pgsql: Add connection messages for streaming replication.