Home > mailing lists

Re: [HACKERS] Simplify ACL handling for large objects and removal ofsuperuser() checks - Mailing list pgsql-hackers

From	Michael Paquier
Subject	Re: [HACKERS] Simplify ACL handling for large objects and removal ofsuperuser() checks
Date	August 16, 2017 04:09:47
Msg-id	CAB7nPqSCW0NohY9xk1qNzLw-sH=E0JVxL1z2WsS=O567k8AJtg@mail.gmail.com Whole thread Raw
In response to	Re: [HACKERS] Simplify ACL handling for large objects and removal ofsuperuser() checks (Robert Haas <robertmhaas@gmail.com>)
Responses	Re: [HACKERS] Simplify ACL handling for large objects and removal ofsuperuser() checks (Vaishnavi Prabakaran <vaishnaviprabakaran@gmail.com>)
List	pgsql-hackers

Tree view

On Tue, Aug 15, 2017 at 10:35 PM, Robert Haas <robertmhaas@gmail.com> wrote:
> +1 for 0001 and 0002 in general, but I can't help noticing that they
> lead to a noticeable worsening of the error messages in the regression
> tests.

As the access restriction gets handled by GRANT in this patch, that's
a price to pay. The verbosity of this message could be kept by
introducing a default role dedicated to LOs. Personally, I am of the
opinion that a default role in this case is not justified for only
those functions. Other opinions are welcome.

I have noticed that 0002 should update lobj.sgml as well, something I
missed. Now the docs say "Therefore, their use is restricted to
superusers." for lo_import and lo_export, but I think that "by
default" should be appended.
-- 
Michael

pgsql-hackers by date:

From: Robert Haas
Date: 16 August 2017, 04:08:47
Subject: Re: [HACKERS] [COMMITTERS] pgsql: Simplify plpgsql's check for simple expressions.

From: Tom Lane
Date: 16 August 2017, 04:40:42
Subject: Re: [HACKERS] [COMMITTERS] pgsql: Simplify plpgsql's check for simple expressions.

Re: [HACKERS] Simplify ACL handling for large objects and removal ofsuperuser() checks - Mailing list pgsql-hackers

Previous

Next