Re: Proposal for enhancements of privilege system - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: Proposal for enhancements of privilege system
Date
Msg-id Pine.LNX.4.21.0005291754030.359-100000@localhost.localdomain
Whole thread Raw
In response to Re: Proposal for enhancements of privilege system  (Andreas Zeugswetter <andreas.zeugswetter@telecom.at>)
List pgsql-hackers
Andreas Zeugswetter writes:

> Imho this is an area where it does make sense to look at what other
> db's do, because it makes the toolwriters life so much easier if pg
> behaves like some other common db.

The defined interface to the privilege system is GRANT, REVOKE, and
"access denied" (and a couple of INFORMATION_SCHEMA views, eventually).
I don't see how other db's play into this.

> Other db's usually use a char array for priaction and don't have
> priisgrantable, but code it into priaction. Or they use a bitfield.
> This has the advantage of only producing one row per table.

That's the price I'm willing to pay for abstraction, extensibility, and
verifyability. But I'm open for better ideas.


-- 
Peter Eisentraut                  Sernanders väg 10:115
peter_e@gmx.net                   75262 Uppsala
http://yi.org/peter-e/            Sweden



pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: Vacuum now uses AccessShareLock for analyze
Next
From: Peter Eisentraut
Date:
Subject: Configuration and build clean-up