Thread: Extending grant insert on tables to sequences
Hi, The idea of this patch is to avoid the need to make explicit grants on sequences owned by tables. This patch make: - GRANT INSERT ON TABLE extend to GRANT USAGE ON SEQUENCE (currval, nextval) - GRANT UPDATE ON TABLE extend to GRANT UPDATE ON SEQUENCE (nextval, setval) - GRANT SELECT ON TABLE extend to GRANT SELECT ON SEQUENCE (currval) comments? -- regards, Jaime Casanova Soporte y capacitación de PostgreSQL Guayaquil - Ecuador Cel. (593) 087171157
Attachment
On Thu, May 22, 2008 at 1:18 PM, Jaime Casanova <systemguards@gmail.com> wrote: > Hi, > > The idea of this patch is to avoid the need to make explicit grants on > sequences owned by tables. > I've noted that the patch i attached is an older version that doesn't compile because of a typo... Re-attaching right patch and fix documentation to indicate the new behaviour... we need an user visible message to indicate this implicit grant on the sequences? -- Atentamente, Jaime Casanova Soporte y capacitación de PostgreSQL Guayaquil - Ecuador Cel. (593) 087171157
Attachment
On Sat, May 24, 2008 at 12:09 AM, Alvaro Herrera <alvherre@commandprompt.com> wrote: > > Please add the patch to the commitfest page, > Ah! I forgot we have a new process now... patch added to the commitfest page... -- Atentamente, Jaime Casanova Soporte y capacitación de PostgreSQL Guayaquil - Ecuador Cel. (593) 087171157
Jaime Casanova escribió: > On Thu, May 22, 2008 at 1:18 PM, Jaime Casanova <systemguards@gmail.com> wrote: > > Hi, > > > > The idea of this patch is to avoid the need to make explicit grants on > > sequences owned by tables. > > > > I've noted that the patch i attached is an older version that doesn't > compile because of a typo... > Re-attaching right patch and fix documentation to indicate the new behaviour... Please add the patch to the commitfest page, http://wiki.postgresql.org/wiki/CommitFest:July -- Alvaro Herrera http://www.CommandPrompt.com/ PostgreSQL Replication, Consulting, Custom Development, 24x7 support
On Saturday 24 May 2008 01:19:05 Jaime Casanova wrote:
> On Sat, May 24, 2008 at 12:09 AM, Alvaro Herrera
>
> <alvherre@commandprompt.com> wrote:
> > Please add the patch to the commitfest page,
>
> Ah! I forgot we have a new process now... patch added to the commitfest
> page...
>
What's the use case for extending SELECT on table to SELECT on sequence ?
--
Robert Treat
Build A Brighter LAMP :: Linux Apache {middleware} PostgreSQL
On 5/29/08, Robert Treat <xzilla@users.sourceforge.net> wrote: > On Saturday 24 May 2008 01:19:05 Jaime Casanova wrote: > > On Sat, May 24, 2008 at 12:09 AM, Alvaro Herrera > > > > <alvherre@commandprompt.com> wrote: > > > Please add the patch to the commitfest page, > > > > Ah! I forgot we have a new process now... patch added to the commitfest > > page... > > > > What's the use case for extending SELECT on table to SELECT on sequence ? > Just to be consistent -- Atentamente, Jaime Casanova Soporte y capacitación de PostgreSQL Guayaquil - Ecuador Cel. (593) 087171157
Jaime Casanova escribió:
> On Thu, May 22, 2008 at 1:18 PM, Jaime Casanova <systemguards@gmail.com> wrote:
> > Hi,
> >
> > The idea of this patch is to avoid the need to make explicit grants on
> > sequences owned by tables.
>
> I've noted that the patch i attached is an older version that doesn't
> compile because of a typo...
> Re-attaching right patch and fix documentation to indicate the new behaviour...
I had a look at this patch and it looks good. The only thing that's not
clear to me is whether we have agreed we want this to be the default
behavior?
A quibble:
> + foreach(cell, istmt.objects)
> + {
> + [...]
> +
> + istmt_seq.objects = getOwnedSequences(lfirst_oid(cell));
> + if (istmt_seq.objects != NIL)
> + {
> + if (istmt.privileges & (ACL_INSERT))
> + istmt_seq.privileges |= ACL_USAGE;
> + else if (istmt.privileges & (ACL_UPDATE))
> + istmt_seq.privileges |= ACL_UPDATE;
> + else if (istmt.privileges & (ACL_SELECT))
> + istmt_seq.privileges |= ACL_SELECT;
> +
> + ExecGrantStmt_oids(&istmt_seq);
> + }
Wouldn't it be clearer to build a list with all the sequences owned by
the tables in istmt.objects, and then call ExecGrantStmt_oids() a single
time with the big list?
--
Alvaro Herrera http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
On 7/8/08, Alvaro Herrera <alvherre@commandprompt.com> wrote: > Jaime Casanova escribió: > > On Thu, May 22, 2008 at 1:18 PM, Jaime Casanova <systemguards@gmail.com> wrote: > > > Hi, > > > > > > The idea of this patch is to avoid the need to make explicit grants on > > > sequences owned by tables. > > > > I've noted that the patch i attached is an older version that doesn't > > compile because of a typo... > > Re-attaching right patch and fix documentation to indicate the new behaviour... > > I had a look at this patch and it looks good. The only thing that's not > clear to me is whether we have agreed we want this to be the default > behavior? > mmm... i don't remember from where i took the equivalences... i will review if there is any concensus in that... anyway now i when people should speak about it... > > Wouldn't it be clearer to build a list with all the sequences owned by > the tables in istmt.objects, and then call ExecGrantStmt_oids() a single > time with the big list? > at night i will see the code for this... -- regards, Jaime Casanova Soporte y capacitación de PostgreSQL Guayaquil - Ecuador Cel. (593) 87171157