Hello,
In an attempt to implement ACLs at the application layer (for resources stored outside of the database), I am
evaluatingusing aclitem[] as a column type. All the functions I would need seem to be in place: aclcontains,
aclexplode,aclinsert, aclitemeq, aclitemin, aclitemout, aclremove, but they are conspicuously missing from the
documentation(http://www.mail-archive.com/pgsql-patches@postgresql.org/msg03400.html), so I wonder if there are any
caveatsor hurdles which would make me consider writing my own type.
From a cursory examination, it looks like the limitations would be:
1) roles must refer to postgresql roles (that's fine for my case)
2) permission options are hardcoded to "arwdDxtXUCTc" (not so great)
Are there any other problems I would encounter?
Cheers,
M