Re: New Privilege model purposal

Поиск
Список
Период
Сортировка
От Karel Zak
Тема Re: New Privilege model purposal
Дата
Msg-id Pine.LNX.3.96.1000726075242.11072A-100000@ara.zf.jcu.cz
обсуждение исходный текст
Ответ на Re: New Privilege model purposal  (JanWieck@t-online.de (Jan Wieck))
Список pgsql-hackers
Дерево обсуждения 
On Tue, 25 Jul 2000, Jan Wieck wrote:

> Karel Zak wrote:
> >
> >  I not sure, but if I good remember nobody said somethig bad about
> > PetreE proposal for this, why you prepare new? IMHO Peter's proposal
> > was good.
> 
>     Seems  I  missed  that  discussion. Sometimes I start to drop
>     incoming eMails by subject. If then the discussion  moves  to
>     something  different  without changing the subject, you won't
>     see me on that.
> 
>     Anyway, I  haven't  found  a  complete  proposal  in  the  ML

I (mostly) have found nothing in PG's mail lists archive :-(
better is use:

http://www.deja.com/[ST_rn=fs]/group/mailing.database.pgsql-hackers

>     archive.   Consider  my proposal "derived work" from his one,
>     if it is similar and let's combine all  the  ideas  into  one
>     complete thing.

I mean will good if Peter re-posts his proposal. IMHO is not a problem
select feature for GRANT, a problem is implement it and implement it 
like SQL92.

> >  And small suggestion, we need the "GRANT ... WITH ADMIN OPTION" or
> > something like this.
> 
>     What should that do?

--- See the chapter "11.36  <grant statement>" in the SQL92 (and others   parts of this standard). SQL92:
        <grant statement> ::=             GRANT <privileges> ON <object name>               TO <grantee> [ { <comma>
<grantee>}... ]                 [ WITH GRANT OPTION ]
 


--- "WITH ADMIN OPTION" is Oracle matter, and Oracle's manual say:
".. allows the grantee to grant the object privileges to the other user and role..."other words you can create
"sub-admin"for the object, and this user 
 
can GRANT privilege to the other standard users.It is pretty well implement-able if all privilege will in one system 
table (pg_privilege). I mean that is not good "dirty" other system 
tables.
The other point --- we must keep open a door to others SQL administration
features like ROLE, PROFILE. IMHO final proposal should be contain some idea 
for group/shadow rewriting and some idea about ROLE.
Ops.. I forget, we *must* in new ACL have columns privilege. It is realy
needful in large multi-user applications. A crash point will seed :-)
                        Karel

В списке pgsql-hackers по дате отправления: