Re: Updates of SE-PostgreSQL 8.4devel patches (r1710)

KaiGai Kohei wrote:
> Heikki Linnakangas wrote:
>> KaiGai Kohei wrote:
>>>  * ACL_SELECT_FOR_UPDATE has same value with ACL_UPDATE, so 
>>> SE-PostgreSQL
>>>    checks db_table:{update} permission on SELECT ... FOR SHARE OF,
>>>    instead of db_table:{lock} permission.
>>
>> This again falls into the category of trying to have more fine-grained 
>> permissions than vanilla PostgreSQL has. Just give up on the lock 
>> permission, and let it check update permission instead. Yes, it can be 
>> annoying that you need update-permission to do SELECT FOR SHARE, but 
>> that's an existing problem and not in scope for this patch.
> 
> Can I consider the term of "problem" means it can be resolved
> in the future (v8.5, if possible) version?

Sure, a patch to address that in 8.5 would be welcome.

I don't know why it's like that. Maybe no-one has just bothered. Or 
maybe it's because of backwards-compatibility or SQL standard 
compliance. In any case, it would seem useful to separate them in the 
future.

--   Heikki Linnakangas  EnterpriseDB   http://www.enterprisedb.com