Since there is no plan yet how to do a wholesale overhaul of the ACL
system, I'd like to stick a few improvements into the current
implementation:
* Make DELETE distinct from UPDATE privilege
* Rename the internal representation: s = select, i = insert, u = update, d = delete, R = rules
* LOCK > AccessShare will require UPDATE or DELETE. This is not a change in effect.
* Sequence nextval and setval will require UPDATE; DELETE won't do any longer.
* COPY FROM will require INSERT privilege. It used to require UPDATE/DELETE, I think that is not correct.
* INSERT (the command) will require INSERT privilege. UPDATE/DELETE won't do any longer. (Why was this there?)
* Implement SQL REFERENCES privilege: grant references on A to B will allow user B to create a foreign key referencing table A as primary key.
I'd also like to create a regression test. That will require creating
some global users and groups in the installation where the test runs. I
think as long as we name them "regressuser1", "regressgroup2", etc. this
won't harm anyone.
Comments?
--
Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter
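
The following is an added example, not part of the original message and not PostgreSQL code: a small model of the proposed rules that reports which commands change outcome for a given grant. The `grantee=letters` item syntax, the function names, and the reading of the current behaviour as a single combined "UPDATE/DELETE" privilege are assumptions drawn from the list above.

```python
# Added illustration of the proposal; item syntax and names are assumptions.
LETTERS = {"s": "SELECT", "i": "INSERT", "u": "UPDATE", "d": "DELETE", "R": "RULES"}

# Command -> privileges of which ANY one suffices, under the proposal.
PROPOSED = {
    "INSERT": {"INSERT"},
    "COPY FROM": {"INSERT"},
    "nextval": {"UPDATE"},
    "setval": {"UPDATE"},
    "LOCK > AccessShare": {"UPDATE", "DELETE"},
}

# Behaviour the message describes as current: UPDATE and DELETE are still
# one combined privilege, written "UPDATE/DELETE" here.
CURRENT = {
    "INSERT": {"INSERT", "UPDATE/DELETE"},
    "COPY FROM": {"UPDATE/DELETE"},
    "nextval": {"UPDATE/DELETE"},
    "setval": {"UPDATE/DELETE"},
    "LOCK > AccessShare": {"UPDATE/DELETE"},
}

def parse_acl_item(item):
    """Split 'grantee=letters' into (grantee, set of privilege names)."""
    grantee, sep, letters = item.partition("=")
    if not sep:
        raise ValueError("missing '=' in ACL item: %r" % item)
    unknown = set(letters) - set(LETTERS)
    if unknown:
        raise ValueError("unknown privilege letters: %s" % sorted(unknown))
    return grantee, {LETTERS[c] for c in letters}

def allowed(command, privs, rules):
    """True if the grantee holds at least one privilege the command accepts."""
    return bool(rules[command] & privs)

def to_current(privs):
    """Collapse split UPDATE / DELETE back into the combined privilege."""
    out = privs - {"UPDATE", "DELETE"}
    if privs & {"UPDATE", "DELETE"}:
        out = out | {"UPDATE/DELETE"}
    return out

def changed_commands(item):
    """Commands whose allow/deny outcome differs between the two rule sets."""
    _, privs = parse_acl_item(item)
    old = to_current(privs)
    return sorted(c for c in PROPOSED
                  if allowed(c, old, CURRENT) != allowed(c, privs, PROPOSED))
```

A grantee holding only `d` loses INSERT, COPY FROM, nextval and setval but keeps LOCK, which matches the "not a change in effect" remark for LOCK.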