Re: pre-proposal: permissions made easier
| От | Aidan Van Dyk |
|---|---|
| Тема | Re: pre-proposal: permissions made easier |
| Дата | |
| Msg-id | 20090630131254.GC8417@yugib.highrise.ca обсуждение исходный текст |
| Ответ на | Re: pre-proposal: permissions made easier (Andrew Dunstan <andrew@dunslane.net>) |
| Список | pgsql-hackers |
* Andrew Dunstan <andrew@dunslane.net> [090630 09:08]: > > > Aidan Van Dyk wrote: >> >> *especially* if those grants remain "by reference", i.e. If I change the >> GRANTS/REVOKES on sensitive_table, those are automatically "apply" to all >> tables created with the "WITH GRANTS LIKE sensitive_table"... >> >> >> > > Isn't that exactly what Tom is objecting to, namely that the permissions > of an object would not be contained entirely in catalog entry for the > object itself? Well, it depends on how it's done... If one of the permissions on an object you can assign is "look at $X", the you don't get the "hidden permissions" problem. The object itself still contains everything you need to "trace" the permissions of an object... I have no idea if it's something that even half-aligns with the internal permission model/code... a. -- Aidan Van Dyk Create like a god, aidan@highrise.ca command like a king, http://www.highrise.ca/ work like a slave.
В списке pgsql-hackers по дате отправления: