Re: Directory/File Access Permissions for COPY and Generic File Access Functions

* Robert Haas (robertmhaas@gmail.com) wrote:
> There is absolutely NOT consensus on
> this design or anything close to it.

There is no doubt that consensus on the desirability and design needs
to be reached before we can even consider committing it.  I suspect
Adam posted it simply because he had identified issues himself and
wanted to make others aware that things had been fixed.

That said, it sounds like the primary concern has been if we want this
feature at all and there hasn't been much discussion of the design
itself.  Comments about the technical design would be great.  I
appreciate your thoughts about using a PGC_SUSER GUC, but I don't feel
like it really works as it's all-or-nothing and doesn't provide
read-vs-write, unless we extend it out to be multiple GUCs and then
there is still the question about per-role access..

I'm not sure that I see a way to allow the per-role granularity without
having a top-level catalog object on which the GRANT can be executed and
ACL information stored.  Perhaps it's unfortunate that we don't have a
more generic way to address that but I'm not sure I really see another
catalog table as a big problem..
Thanks!
    Stephen