Re: [GENERAL] column-level update privs + lock table
| От | Robert Haas |
|---|---|
| Тема | Re: [GENERAL] column-level update privs + lock table |
| Дата | |
| Msg-id | AANLkTikcxSX-Ghc+=_uAuR9nBqSwOySTL-T=zoJCqroN@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: [GENERAL] column-level update privs + lock table (Josh Kupershmidt <schmiddy@gmail.com>) |
| Список | pgsql-hackers |
On Tue, Nov 30, 2010 at 9:07 AM, Josh Kupershmidt <schmiddy@gmail.com> wrote: > On Mon, Nov 29, 2010 at 10:06 PM, Robert Haas <robertmhaas@gmail.com> wrote: >> On Mon, Nov 29, 2010 at 9:37 PM, Josh Kupershmidt <schmiddy@gmail.com> wrote: >>> I actually hadn't thought of that, for some reason. >>> >>> We used to similarly recommend that people handle TRUNCATE privileges >>> with a security definer function. That doesn't mean GRANT TRUNCATE >>> wasn't a sweet addition to 8.4. >> >> Hmm, glad you like it (I wrote that). I'm just asking how far we >> should go before we decide we catering to use cases that are too >> narrow to warrant an extension of the permissions system. > > I am slightly opposed to adding GRANTs for LOCK TABLE, ANALYZE, > VACUUM, etc. The GRANT help page is long enough already, and I doubt > many users would use them, even though I might use GRANT LOCK TABLE > myself. You'd really probably want GRANT LOCK TABLE (SHARE), GRANT LOCK TABLE (EXCLUSIVE), ... It'd be sort of cool, but it doesn't seem worth the complexity. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
В списке pgsql-hackers по дате отправления: