Re: pre-proposal: permissions made easier

From: Jeff Davis <pgsql(at)j-davis(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: pre-proposal: permissions made easier
Date: 2009-06-28 19:52:54
Message-ID: 1246218774.23359.61.camel@jdavis
Lists: pgsql-hackers
On Sun, 2009-06-28 at 14:56 -0400, Tom Lane wrote:
> > I meant for "foo" to be a user. "foo_ro" would be the read-only version,
> > who has a strict subset of foo's permissions.
> 
> I see.  It seems like rather a complicated (and expensive) mechanism
> for a pretty narrow use-case.  It'd only help for the cases where you
> could define your permissions requirements that way.  I agree that
> there are some such cases, but I think real-world problems tend to be
> a bit more complicated than that.  I fear people would soon want
> exceptions to the "strict subset" rule; and once you put that in,
> the conceptual simplicity disappears, as does the ability to easily
> verify what the set of GRANTs is doing.

As soon as the permissions scheme gets more complicated than what I
suggest, I agree that the user is better off just using GRANTs on a
per-object basis. You could still GRANT directly to the user foo_ro --
for instance if your reporting user needs to join against some other
table -- but that could get complicated if you take it too far.

The users I'm targeting with my idea are:
 * Users who have a fairly simple set of users and permissions, and who 
   want a simple picture of the permissions in their system for 
   reassurance/verification.
 * Users who come from MySQL every once in a while, annoyed that we
   don't support "GRANT ... *" syntax.
 * Users who are savvy enough to use access control, but don't have 
   rigorous procedures for making DDL changes. Some of these users 
   depend on an ORM or similar to make DDL changes for them, and this 
   idea gives them a workaround.
 * Users who don't currently use separate permissions, but might start 
   if it's simpler to do simple things.

Maybe I should shop this idea on -general and see how many people's
problems would actually be solved?

The performance issue is something to consider, but I think it would
just be an extra catalog lookup (for each level), and the users of this
feature would probably be willing to pay that cost.

Regards,
	Jeff Davis




