Re: Updates of SE-PostgreSQL 8.4devel patches (r1324)

KaiGai Kohei <kaigai@kaigai.gr.jp> writes:
> Bruce Momjian wrote:
>> 1034 and 25 are the oids for 'acllist' and 'text' and they are being
>> added to system tables.  Are you saying system tables don't use
>> pg_security but other tables do?

> It means users can refer the "security_acl" and "security_label",
> as if they have proper types. However, in actually, they are stroed
> as security identifiers.

> When user refers "security_acl", the patched heap_getsysattr() invokes
> rowaclHeapGetSecurityAclSysattr() to translate the security identifier
> of Row-level ACLs into an array of ACLs. User will see the translated
> representation, as if there is a variable length array, not an oid.

This seems like a pretty bad idea that will eventually bite you in an
uncomfortable place.  Lying about what datatype a field is is just not
safe.

It would probably be better to expose the actual security identifier
(as an OID or whatever it is) and provide simple translation
capabilities a la regclass and other OID-alias types.
        regards, tom lane