Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE

Поиск
Список
Период
Сортировка
От KaiGai Kohei
Тема Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE
Дата
Msg-id 49E81EA1.2060202@ak.jp.nec.com
обсуждение исходный текст
Ответ на Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE  (Heikki Linnakangas <heikki.linnakangas@enterprisedb.com>)
Ответы Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE
Список pgsql-hackers
Дерево обсуждения 
Heikki Linnakangas wrote:
> KaiGai Kohei wrote:
>> Currently, the ACL_SELECT_FOR_UPDATE privilege is defined as an alias
>> of ACL_UPDATE as follows:
>>
>>   at src/include/nodes/parsenodes.h:
>>            :
>>   /* Currently, SELECT ... FOR UPDATE/FOR SHARE requires UPDATE privileges */
>>   #define ACL_SELECT_FOR_UPDATE   ACL_UPDATE
>>            :
>>
>> It is unconfortable for us because SE-PostgreSQL have two individual
>> permissions for updates (db_table:{update}) and explicit table locks
>> (db_table:{lock}), but it unables to discriminate whether the given
>> relation is actually used for UPDATE or SELECT FOR UPDATE.
> 
> What's the point of doing SELECT FOR UPDATE if you're not actually going
> to UPDATE the row? Having separate permissions for SELECT FOR UPDATE and
> UPDATE seems useless.

I wonder why SELECT FOR UPDATE need ACL_UPDATE, although the statement
itself does not modify any of the given relation.
Indeed, it normally leads UPDATE statements, but I think ACL_UPDATE
should be checked on the later phase.

> A separate permission for SELECT FOR SHARE makes more sense, though.

It is my major concern rather than exclusive locks.
The SELECT FOR SHARE statement also requires ACL_SELECT_FOR_UPDATE,
although it is a read only operation. It makes us hard to set up
a table with foreign-key which refers a primary-key on read-only
table, for example.

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>

В списке pgsql-hackers по дате отправления: