Skip site navigation (1) Skip section navigation (2)

Re: New patch for Column-level privileges

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
Cc: sfrost(at)snowman(dot)net, Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec>, Markus Wanner <markus(at)bluegap(dot)ch>, Alex Hunsaker <badalex(at)gmail(dot)com>, PostgreSQL-development Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: New patch for Column-level privileges
Date: 2009-01-13 04:16:28
Message-ID: (view raw or whole thread)
Lists: pgsql-hackers
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> writes:
> I reconsidered the previous walker implementation independent
> from other parser codes is more simple and better.

And slower, and equally subject to this bug, so I'm not convinced.

> Stephen, Tom, what is your opinion?

I'm thinking make_var is not the place to do this.  The places that are
supposed to be taking care of permissions are the ones that do this:

		/* Require read access --- see comments in setTargetTable() */
		rte->requiredPerms |= ACL_SELECT;

It's possible that we've missed some --- in particular, right at the
moment I am not sure that whole-row Vars are handled properly.
And maybe we could refactor a little bit to save some code.
But those are basically the same places that ought to be adding
bits to the column bitmaps.

			regards, tom lane

In response to


pgsql-hackers by date

Next:From: Koichi SuzukiDate: 2009-01-13 04:21:21
Subject: Re: Documenting pglesslog
Previous:From: Robert HaasDate: 2009-01-13 04:14:01
Subject: Re: Recovery Test Framework

Privacy Policy | About PostgreSQL
Copyright © 1996-2015 The PostgreSQL Global Development Group