Permissions to create casts - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Permissions to create casts
Date
Msg-id Pine.LNX.4.44.0207111957290.21510-100000@localhost.localdomain
Whole thread Raw
List pgsql-hackers
What should be the permissions required to create a cast?

Currently, it's approximately first come, first serve.  You probably need
to have execute privilege on the function, but that is the least concern.

With no permissions required on either the source or the target type, it's
easy to boobytrap the entire system by creating bogus casting functions.

Given the current granularity of the permissions on data types we'd need
to require the user to own both the source and the target type, which
would make the entire effort quite useless.

Even if we had a "usage" privilege on types, I'm not sure if that would be
appropriate, because creating a cast function is really more than usage --
it affects how the type behaves.

So I'm afraid this might even need to be a separate privilege altogether.

SQL99 effectively says that you must own the source type, the target type,
and the cast function, unless a type is not "user-defined", which is a
distinction we don't make.

Comments?

-- 
Peter Eisentraut   peter_e@gmx.net



pgsql-hackers by date:

Previous
From: Andy Kopciuch
Date:
Subject: Re: please help on query
Next
From: Hannu Krosing
Date:
Subject: Re: please help on query