Skip site navigation (1) Skip section navigation (2)

Re: New patch for Column-level privileges

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
Cc: sfrost(at)snowman(dot)net, Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec>, Markus Wanner <markus(at)bluegap(dot)ch>, Alex Hunsaker <badalex(at)gmail(dot)com>, PostgreSQL-development Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: New patch for Column-level privileges
Date: 2009-01-13 04:16:28
Message-ID: 17692.1231820188@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers 
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> writes:
> I reconsidered the previous walker implementation independent
> from other parser codes is more simple and better.

And slower, and equally subject to this bug, so I'm not convinced.

> Stephen, Tom, what is your opinion?

I'm thinking make_var is not the place to do this.  The places that are
supposed to be taking care of permissions are the ones that do this:

		/* Require read access --- see comments in setTargetTable() */
		rte->requiredPerms |= ACL_SELECT;

It's possible that we've missed some --- in particular, right at the
moment I am not sure that whole-row Vars are handled properly.
And maybe we could refactor a little bit to save some code.
But those are basically the same places that ought to be adding
bits to the column bitmaps.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Koichi SuzukiDate: 2009-01-13 04:21:21
Subject: Re: Documenting pglesslog
Previous:From: Robert HaasDate: 2009-01-13 04:14:01
Subject: Re: Recovery Test Framework

Privacy Policy | About PostgreSQL
Copyright © 1996-2013 The PostgreSQL Global Development Group