Home > mailing lists

Re: [PATCH] DefaultACLs - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: [PATCH] DefaultACLs
Date	September 29, 2009 15:05:48
Msg-id	9440.1254236736@sss.pgh.pa.us Whole thread Raw
In response to	Re: [PATCH] DefaultACLs (Petr Jelinek <pjmodos@pjmodos.net>)
Responses	Re: [PATCH] DefaultACLs Re: [PATCH] DefaultACLs
List	pgsql-hackers

Tree view

Petr Jelinek <pjmodos@pjmodos.net> writes:
> That's how it works now actually, the problem is that when you grant 
> something in the chain you can't revoke it anywhere else in the chain 
> when you are merging privileges as you proposed.

To allow that, you have to have some notion of a priority order among
the available defaults, so that you can sensibly say that A should
override B.  Which is easy as long as they've got hierarchical scopes,
but that doesn't seem like a restriction that will hold good for future
extensions.
        regards, tom lane

pgsql-hackers by date:

From: Tom Lane
Date: 29 September 2009, 15:02:45
Subject: Re: Rejecting weak passwords

From: Alvaro Herrera
Date: 29 September 2009, 15:16:03
Subject: Re: navigation menu for documents

Re: [PATCH] DefaultACLs - Mailing list pgsql-hackers

Previous

Next