Re: [sepgsql 2/3] Add db_schema:search permission checks

On 15 January 2013 20:28, Kohei KaiGai <kaigai@kaigai.gr.jp> wrote:

> This patch adds sepgsql support for permission checks equivalent
> to the existing SCHEMA USE privilege.
>
> This feature is constructed on new OAT_SCHEMA_SEARCH event
> type being invoked around pg_namespace_aclcheck().

Can you explain the exact detailed rationale behind this patch? Like
URLs or other info that explains *why* we are doing this, what
problems it causes if we don't, etc?

Otherwise there is no reference point for a review. Other patch types
like new features have syntax we can discuss and check, performance
patches have measurements we can check. With this, it is just "we add
some checks". No idea if that is all the places we need, or whether
there is a better way of doing this, or whether anyone cares if we do
this or not.

(Same comment for patch 3/3)

-- Simon Riggs                   http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services