I have a few questions about setting acl on SQL level.
Is it safe to do something like
UPDATE pg_class SET relacl = $1 WHERE oid = $2;
?
I don't think it is because ExecGrant_* call updateAclDependencies after
they do the update and my own update would not do that. But is it safe
to do my update if I'm not touching anything in pg_global?
If it is not safe, is there any point in keeping around makeaclitem()?
I see no use for it except for manually setting an acl column like
above, and it gives people a false sense of security (or at least it did
for me).
And finally, would there be any interest in a function like
aclset("char", oid, aclitem[]) and does this properly?
My use case is I have a simple view and a simple function that both
provide a wrapper over a table, and I want to have an event trigger that
updates their acls when the user does a GRANT/REVOKE on the base table.
--
Vik Fearing
