Re: [PATCH] DefaultACLs

Поиск
Список
Период
Сортировка
От Petr Jelinek
Тема Re: [PATCH] DefaultACLs
Дата
Msg-id 4A68DC9B.8080008@pjmodos.net
обсуждение исходный текст
Ответ на Re: [PATCH] DefaultACLs  (Peter Eisentraut <peter_e@gmx.net>)
Ответы Re: [PATCH] DefaultACLs
Список pgsql-hackers
Дерево обсуждения 
Peter Eisentraut wrote: <blockquote cite="mid:200907231254.45451.peter_e@gmx.net" type="cite"><pre wrap="">On Thursday
23July 2009 06:26:05 Petr Jelinek wrote: </pre><blockquote type="cite"><pre wrap="">I'd still like to have opinion from
oneof the commiters on "the
 
VIEW problem" which also affects grant on all patch ( see
<a class="moz-txt-link-freetext"
href="http://archives.postgresql.org/pgsql-hackers/2009-07/msg00957.php">http://archives.postgresql.org/pgsql-hackers/2009-07/msg00957.php</a>
)and
 
I fear "returned with feedback" might prevent that until next commit fest.   </pre></blockquote><pre wrap="">
I see potential for confusion in that GRANT ON TABLE x works if x is a base 
table or a view, but GRANT ON ALL TABLES would not affect views.  Maybe you 
need to make up a different syntax to affect only base tables, e.g., GRANT ON 
ALL BASE TABLES. </pre></blockquote><br /> That's not what I mean the problem is what is the best way of handling the
viewsin implementation itself (there were IIRC 3 possible solutions devised and I don't think we have consensus on
whichis better).<br /> In short, <br /> 1. add ACL_OBJECT_VIEW into GrantObjectType enum and track that inside code<br
/>2. create new enum with table, view, function and sequence objects in it (that works well for DefaultACLs but not for
GRANTON ALL)<br /> 3. add some boolean into GrantStmt that would indicate that relation is a view (that works for GRANT
ONALL but does not solve anything for DefaultACLs)<br /><br /> Currently DefaultACLs patch uses method 2 (because
Stephendoes not like method 1) and GRANT ON ALL patch uses method 1 and it might be better if both patches uses only
oneof those.<br /> If we went with method 1 we probably should just ditch GrantObjectType alltogether and work with
subsetof ObjectType as other commands do (I haven't found any reason for GrantObjectType to exist other than having
singleobject type for both TABLE and VIEW).<br /> And If we choose not to use method 1 then we should probably go with
2for DefaultACLs and 3 for GRANT ON ALL. That is unless somebody has a better solution.<br /><br /><pre
class="moz-signature"cols="72">-- 
 
Regards
Petr Jelinek (PJMODOS)</pre>

В списке pgsql-hackers по дате отправления: