Re: Extend ALTER DEFAULT PRIVILEGES for large objects - Mailing list pgsql-hackers

On 2025/04/03 23:04, Yugo NAGATA wrote:
> On Wed, 2 Apr 2025 02:35:35 +0900
> Fujii Masao <masao.fujii@oss.nttdata.com> wrote:
> 
>>
>>
>> On 2025/01/23 19:22, Yugo NAGATA wrote:
>>> On Wed, 22 Jan 2025 13:30:17 +0100
>>> Laurenz Albe <laurenz.albe@cybertec.at> wrote:
>>>
>>>> On Fri, 2024-09-13 at 16:18 +0900, Yugo Nagata wrote:
>>>>> I've attached a updated patch. The test is rewritten using has_largeobject_privilege()
>>>>> function instead of calling loread & lowrite, which makes the test a bit simpler.
>>>>> Thare are no other changes.
>>>>
>>>> When I tried to apply this patch, I found that it doesn't apply any
>>>> more since commit f391d9dc93 renamed tab-complete.c to tab-complete.in.c.
>>>>
>>>> Attached is a rebased patch.
>>>
>>> Thank you for updating the patch!
>>>
>>>> I agree that large objects are a feature that should fade out (alas,
>>>> the JDBC driver still uses it for BLOBs).  But this patch is not big
>>>> or complicated and is unlikely to create a big maintenance burden.
>>>>
>>>> So I am somewhat for committing it.  It works as advertised.
>>>> If you are fine with my rebased patch, I can mark it as "ready for
>>>> committer".  If it actually gets committed depends on whether there
>>>> is a committer who thinks it worth the effort or not.
>>>
>>> I confirmed the patch and I am fine with it.
>>
>> I've started reviewing this patch since it's marked as "ready for committer".
> 
> Thank you for your reviewing this patch!
> 
>> I know of several systems that use large objects, and I believe
>> this feature would be beneficial for them. Overall, I like the idea.
>>
>>
>> The latest patch looks good to me. I just have one minor comment:
>>
>>>    only the privileges for schemas, tables (including views and foreign
>>>    tables), sequences, functions, and types (including domains) can be
>>>    altered.
>>
>> In alter_default_privileges.sgml, this part should also mention large objects?
> 
> Agreed. I attached a updated patch.

Thanks for updating the patch!

If there are no objections, I'll proceed with committing it using the following commit log.

----------------
Extend ALTER DEFAULT PRIVILEGES to define default privileges for large objects.

Previously, ALTER DEFAULT PRIVILEGES did not support large objects.
This meant that to grant privileges to users other than the owner,
permissions had to be manually assigned each time a large object
was created, which was inconvenient.

This commit extends ALTER DEFAULT PRIVILEGES to allow defining default
access privileges for large objects. With this change, specified privileges
will automatically apply to newly created large objects, making privilege
management more efficient.

As a side effect, this commit introduces the new keyword OBJECTS
since it's used in the syntax of ALTER DEFAULT PRIVILEGES.

Original patch by Haruka Takatsuka, with some fixes and tests by Yugo Nagata,
and rebased by Laurenz Albe.

Author: Takatsuka Haruka <harukat@sraoss.co.jp>
Co-authored-by: Yugo Nagata <nagata@sraoss.co.jp>
Co-authored-by: Laurenz Albe <laurenz.albe@cybertec.at>
Reviewed-by: Masao Fujii <masao.fujii@gmail.com>
Discussion: https://postgr.es/m/20240424115242.236b499b2bed5b7a27f7a418@sraoss.co.jp
----------------

Regards,

-- 
Fujii Masao
Advanced Computing Technology Center
Research and Development Headquarters
NTT DATA CORPORATION