Thread: Implementation details of schema permissions?

Implementation details of schema permissions?

From

Peter Eisentraut

Date:

07 February 2002, 15:00:48

Tom, do you have plans yet on how to store permissions granted on schemas?

For the almost-done permissions on functions and languages, I reuse the
aclitem arrays.  Since these objects only have one kind of permission, it
seems reasonable to overload the select/read permission bit for this.

However, I imagine that schemas may have a different set of permissions,
perhaps including CREATE and such, which might not fit into the aclitem.
In case you're inventing a whole new mechanism that needs to be
coordinated, let me know.

-- 
Peter Eisentraut   peter_e@gmx.net

Re: Implementation details of schema permissions?

From

Tom Lane

Date:

07 February 2002, 15:50:23

Peter Eisentraut <peter_e@gmx.net> writes:
> Tom, do you have plans yet on how to store permissions granted on schemas?

Haven't thought about it very hard.  I would like to reuse the existing
ACL support, of course.  We might need to generalize it to allow
different sets of permission bits for different kinds of objects.

[ thinks... ] AFAIR, the low-level ACL routines don't really know/care
much about the meanings of the bits, except for the I/O converters which
have to be able to map bits to code letters.  So parameterization seems
pretty feasible.  We could use atttypmod to let the I/O converters know
which code map applies to a particular ACL column, I think.
        regards, tom lane