Home > mailing lists

Re: Reimplementing permission checks for rules - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: Reimplementing permission checks for rules
Date	September 27, 2000 09:38:56
Msg-id	Pine.LNX.4.21.0009262329210.515-100000@peter Whole thread Raw
In response to	Reimplementing permission checks for rules (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Reimplementing permission checks for rules
List	pgsql-hackers

Tree view

Tom Lane writes:

> What I'm thinking about doing is eliminating the "skipAcl" RTE field
> and instead adding an Oid field named something like "checkAclAs".
> The semantics of this field would be "if zero, check access permissions
> for this table using the current effective userID; but if not zero,
> check access permissions as if you are this userID".  Then the rule
> rewriter would do no access permission checks of its own, but would
> set this field appropriately in RTEs that it adds to queries.  All the
> actual permissions checking would happen in one place in the executor.

I like it.

-- 
Peter Eisentraut      peter_e@gmx.net       http://yi.org/peter-e/

pgsql-hackers by date:

From: Peter Eisentraut
Date: 27 September 2000, 09:23:06
Subject: There's the rub... (a meta note)

From: Peter Eisentraut
Date: 27 September 2000, 09:39:32
Subject: Re: Reimplementing permission checks for rules

Re: Reimplementing permission checks for rules - Mailing list pgsql-hackers

Previous

Next