Re: GRANT/REVOKE: Allow column-level privileges
From | William ZHANG |
---|---|
Subject | Re: GRANT/REVOKE: Allow column-level privileges |
Date | |
Msg-id | dram58$28ot$2@news.hub.org |
In response to | TODO: GRANT/REVOKE: Allow column-level privileges (kevin brintnall <kbrint@rufus.net>) |
Responses | Re: GRANT/REVOKE: Allow column-level privileges |
List | pgsql-hackers |
I think we should pay attention to the semantics of table privs and column privs.
Here are some examples.

1. role1 GRANT table privilege SELECT on table S to role2.
   role1 REVOKE column privilege SELECT on column S(SNO) from role2.

2. deal with circles in GRANT graph.

"kevin brintnall" <kbrint@rufus.net> wrote
> Fellow Hackers,
>
> I've been working on this item for a little while, and I'm starting to see
> some code come together. I wanted to solicit some feedback before I got
> too far along to make sure I'm on the right track.
>
> Here's a rough overview of what I've done so far:
>
> -----------------------------------------------------------------
>
> PARSER:
>
> * modified parser to accept SQL column privs syntax
>
> * created a PrivAttr Node which holds ( priv, attr[] ) pairs. Currently,
>   it's just a list of strings. For example, when you call...
>
>     GRANT SELECT, UPDATE (col1, col2) ON table1, table2 to grantee;
>
>   ... the parser creates a list of Nodes:
>
>     ("select", NIL), ("update", ("col1", "col2"))
>
> SYSTEM CATALOG:
>
> * add "attacl aclinfo[]" column to pg_attribute table and Form_pg_attribute.
> * add OID column to pg_attribute. This permits dependencies to be
>   registered correctly in pg_shdepend.
> * populated attacl column in existing pg_attribute bootstrap with NULLs
> * allocated an unused oid for each of the pg_attribute rows that are
>   bootstrapped
> * created an oid index on pg_attribute
>
> * modified ExecuteGrantStmt to handle the PrivAttr structure instead of
>   the list of strings
> * modified ExecuteGrantStmt to do a nested loop over all
>   (column,relation) pairs in the GRANT and find oids for all of the
>   attributes.
>
> PSQL COMMAND LINE:
>
> * display column privileges with "\d+ table"
>
> STILL LEFT TO DO:
>
> * implement ExecGrant_Attribute() to modify pg_attribute
> * verify query against column privileges in addition to table privileges
> * register dependencies
> * pg_dump column privileges
>
> -----------------------------------------------------------------
>
> I'd welcome any feedback on the design changes I've made, or any other
> potential snags I should watch out for.
>
> Thanks.
>
> --
> kevin brintnall =~ <kbrint@rufus.net>
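
The first case raised in the reply above (a table-level GRANT followed by a column-level REVOKE), written out as SQL. This is an added example, not part of the original thread: it assumes a PostgreSQL release that ships column privileges (8.4 or later) and a session allowed to create roles, and the names `s`, `sno`, `sname` and `role2` are constructed to mirror the post.

```sql
-- Added example; table, column and role names are constructed.
-- Everything runs in one transaction and is rolled back at the end.
BEGIN;

CREATE ROLE role2;
CREATE TABLE s (sno integer, sname text);

-- Step 1: the sequence from the post.
-- Table-level grant first, then an attempt to take one column back.
GRANT  SELECT       ON s TO   role2;
REVOKE SELECT (sno) ON s FROM role2;

-- Check what role2 effectively holds. PostgreSQL documents that a
-- column-level operation does not affect a table-level grant, so this
-- query is the audit that shows whether the REVOKE restricted anything.
SELECT has_table_privilege('role2', 's', 'SELECT')         AS table_select,
       has_column_privilege('role2', 's', 'sno', 'SELECT') AS sno_select;

-- Step 2: the arrangement that withholds sno.
-- Remove the table-level grant, then grant only the readable columns.
REVOKE SELECT         ON s FROM role2;
GRANT  SELECT (sname) ON s TO   role2;

SELECT has_table_privilege('role2', 's', 'SELECT')           AS table_select,
       has_column_privilege('role2', 's', 'sno', 'SELECT')   AS sno_select,
       has_column_privilege('role2', 's', 'sname', 'SELECT') AS sname_select;

-- Review the stored ACLs: table-level in pg_class.relacl,
-- column-level in pg_attribute.attacl.
SELECT relname, relacl
FROM   pg_class
WHERE  oid = 's'::regclass;

SELECT attname, attacl
FROM   pg_attribute
WHERE  attrelid = 's'::regclass
AND    attnum > 0
AND    NOT attisdropped;

ROLLBACK;
```

In those releases the column-level REVOKE in step 1 leaves the table-level grant in place, so the first check still reports SELECT on `sno`; only the arrangement in step 2 withholds the column.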