Re: API change advice: Passing plan invalidation info from the rewriter into the planner? - Mailing list pgsql-hackers
| From | Robert Haas |
|---|---|
| Subject | Re: API change advice: Passing plan invalidation info from the rewriter into the planner? |
| Date | |
| Msg-id | CA+TgmoboPV8TjAWXnWbUHgrG2BcPpACuhUhfz6JH1K8UXhHjvg@mail.gmail.com Whole thread Raw |
| In response to | Re: API change advice: Passing plan invalidation info from the rewriter into the planner? (Stephen Frost <sfrost@snowman.net>) |
| Responses |
Re: API change advice: Passing plan invalidation info from
the rewriter into the planner?
(Stephen Frost <sfrost@snowman.net>)
|
| List | pgsql-hackers |
On Wed, Jun 18, 2014 at 10:40 AM, Stephen Frost <sfrost@snowman.net> wrote: > * Robert Haas (robertmhaas@gmail.com) wrote: >> On Tue, Jun 17, 2014 at 10:06 PM, Stephen Frost <sfrost@snowman.net> wrote: >> > I had taken it to be a single privilege, but you're right, it could be >> > done for each of those.. I really don't think we have the bits for more >> > than one case here though (if that) without a fair bit of additional >> > rework. I'm not against that rework (and called for it wayyy back when >> > I proposed the TRUNCATE privilege, as I recall) but that's a whole >> > different challenge and no small bit of work.. >> >> Technically, there are 4 bits left, and that's what we need for >> separate privileges. > > I'd really hate to chew them all up.. Usually it's the patch author who WANTS to chew up all the available bit space and OTHER people who say no. :-) >> We last consumed bits in 2008 (for TRUNCATE) and >> 2006 (for GRANT ON DATABASE), so even if we used all of the remaining >> bits it might be another 5 years before anyone has to do that >> refactoring. > > Perhaps, or we might come up with some new whiz-bang permission to add > next year. :/ Well, people proposed separate permissions for things like VACUUM and ANALYZE around the time TRUNCATE was added, and those were rejected on the grounds that they didn't add enough value to justify wasting bits on them. I think we see whether there's a workable system that such that marginal permissions (like TRUNCATE) that won't be checked often don't have to consume bits. >> But even if the refactoring needs to be done now for >> some reason, it's only June, and the last CommitFest doesn't start >> until February 15th. I think we're being way too quick to jump to >> talking about what can and can't be done in time for 9.5. Let's start >> by figuring out how we'd really like it to work and then, if it's too >> ambitious, we can scale it back. > > Alright- perhaps we can discuss what kind of refactoring would be needed > for such a change then, to get a better idea as to the scope of the > change and the level of effort required. > > My thoughts on how to address this were to segregate the ACL bits by > object type. That is to say, the AclMode stored for databases might > only use bits 0-2 (create/connect/temporary), while tables would use > bits 0-7 (insert/select/update/delete/references/trigger). This would > allow us to more easily add more rights at the database and/or > tablespace level too. Yeah, that's another idea. But it really deserves its own thread. I'm still not convinced we have to do this at all to meet this need, but that should be argued back and forth on that other thread. >> My main concern about using only one bit is that someone might want to >> allow a user to bypass RLS on SELECT while still enforcing it for >> data-modifying operations. That seems like a plausible use case to >> me. > > I absolutely agree that it's a real use-case and one which we should > support, just trying to avoid biting off more than can be done between > now and February. Still, if we get things hammered out and more-or-less > agreement on the way forward, getting the code written may move quickly. Nifty. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
pgsql-hackers by date: