From:
Stephen Frost <sfrost(at)snowman(dot)net>
To:
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc:
"Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>,Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>,Andrew Dunstan <andrew(at)dunslane(dot)net>, kleptog(at)svana(dot)org,simon(at)2ndquadrant(dot)com, gsstark(at)mit(dot)edu, pg(at)rbt(dot)ca,zhouqq(at)cs(dot)toronto(dot)edu, pgsql-hackers(at)postgresql(dot)org
Subject:
Re: [Bizgres-general] WAL bypass for INSERT, UPDATE and
Date:
2006-01-03 18:30:56
Message-ID:
20060103183056.GR6026@ns.snowman.net (view raw or flat )
Thread:
2005-12-22 14:31:33 from Simon Riggs <simon(at)2ndquadrant(dot)com>
2005-12-22 17:12:04 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2005-12-22 20:10:54 from Simon Riggs <simon(at)2ndquadrant(dot)com>
2006-01-03 13:08:46 from Simon Riggs <simon(at)2ndquadrant(dot)com>
2005-12-22 18:37:51 from "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>
2005-12-22 18:38:45 from "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>
2005-12-22 20:18:26 from Martijn van Oosterhout <kleptog(at)svana(dot)org>
2005-12-22 22:13:03 from Simon Riggs <simon(at)2ndquadrant(dot)com>
2005-12-22 22:36:25 from Stephen Frost <sfrost(at)snowman(dot)net>
2005-12-23 10:18:43 from Simon Riggs <simon(at)2ndquadrant(dot)com>
2005-12-22 23:52:38 from "Qingqing Zhou" <zhouqq(at)cs(dot)toronto(dot)edu>
2005-12-23 00:05:10 from "Qingqing Zhou" <zhouqq(at)cs(dot)toronto(dot)edu>
2005-12-23 00:29:29 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2005-12-23 00:53:04 from "Qingqing Zhou" <zhouqq(at)cs(dot)toronto(dot)edu>
2005-12-23 04:31:07 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2005-12-24 02:37:42 from Qingqing Zhou <zhouqq(at)cs(dot)toronto(dot)edu>
2005-12-24 03:00:39 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2005-12-24 03:29:50 from Qingqing Zhou <zhouqq(at)cs(dot)toronto(dot)edu>
2005-12-24 03:41:42 from Greg Stark <gsstark(at)mit(dot)edu>
2005-12-24 03:50:57 from "Qingqing Zhou" <zhouqq(at)cs(dot)toronto(dot)edu>
2005-12-24 04:06:21 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2005-12-24 07:01:17 from Greg Stark <gsstark(at)mit(dot)edu>
2005-12-27 17:07:29 from "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>
2005-12-27 22:41:57 from Hannu Krosing <hannu(at)skype(dot)net>
2005-12-28 00:30:12 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2005-12-24 04:19:01 from Rod Taylor <pg(at)rbt(dot)ca>
2005-12-24 08:23:42 from Martijn van Oosterhout <kleptog(at)svana(dot)org>
2005-12-24 15:16:52 from Greg Stark <gsstark(at)mit(dot)edu>
2005-12-24 15:32:29 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2005-12-26 12:03:27 from Simon Riggs <simon(at)2ndquadrant(dot)com>
2005-12-26 12:22:12 from Martijn van Oosterhout <kleptog(at)svana(dot)org>
2005-12-26 16:00:51 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2005-12-27 18:20:29 from Martijn van Oosterhout <kleptog(at)svana(dot)org>
2005-12-27 22:47:31 from Hannu Krosing <hannu(at)skype(dot)net>
2005-12-28 08:50:26 from Martijn van Oosterhout <kleptog(at)svana(dot)org>
2005-12-29 01:58:14 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2005-12-29 03:05:30 from "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
2005-12-29 04:09:21 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2005-12-29 13:19:45 from Simon Riggs <simon(at)2ndquadrant(dot)com>
2005-12-29 14:35:27 from Rod Taylor <pg(at)rbt(dot)ca>
2005-12-29 15:10:40 from Simon Riggs <simon(at)2ndquadrant(dot)com>
2005-12-29 16:12:11 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2005-12-29 16:37:39 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2005-12-30 13:09:12 from Simon Riggs <simon(at)2ndquadrant(dot)com>
2005-12-30 14:53:33 from "Andrew Dunstan" <andrew(at)dunslane(dot)net>
2005-12-30 14:57:06 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2005-12-30 17:39:21 from Andrew Dunstan <andrew(at)dunslane(dot)net>
2005-12-30 17:58:15 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2006-01-03 15:58:34 from "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>
2006-01-03 16:26:51 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2006-01-03 16:43:25 from "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>
2006-01-03 16:48:01 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2006-01-03 17:08:05 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2006-01-03 21:16:55 from "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>
2006-01-03 21:20:47 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2006-01-03 21:27:50 from "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>
2006-01-03 22:38:25 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2006-01-03 23:23:54 from Simon Riggs <simon(at)2ndquadrant(dot)com>
2006-01-04 01:16:19 from Josh Berkus <josh(at)agliodbs(dot)com>
2006-01-04 04:24:09 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2006-01-03 23:10:16 from Simon Riggs <simon(at)2ndquadrant(dot)com>
2005-12-30 16:49:59 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2005-12-30 19:28:41 from Simon Riggs <simon(at)2ndquadrant(dot)com>
2005-12-30 21:14:49 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2005-12-30 22:36:24 from Greg Stark <gsstark(at)mit(dot)edu>
2005-12-30 22:46:45 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2005-12-30 23:04:33 from Greg Stark <gsstark(at)mit(dot)edu>
2005-12-30 23:09:00 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2005-12-30 22:50:21 from Simon Riggs <simon(at)2ndquadrant(dot)com>
2005-12-30 22:52:49 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2006-01-01 01:02:24 from August Zajonc <augustz(at)augustz(dot)com>
2005-12-31 11:59:44 from "Michael Paesold" <mpaesold(at)gmx(dot)at>
2006-01-03 23:58:09 from Simon Riggs <simon(at)2ndquadrant(dot)com>
2006-01-03 22:53:53 from Simon Riggs <simon(at)2ndquadrant(dot)com>
2006-01-05 17:22:28 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2006-01-04 00:11:55 from Simon Riggs <simon(at)2ndquadrant(dot)com>
2006-01-05 17:27:05 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2006-01-05 21:56:21 from Simon Riggs <simon(at)2ndquadrant(dot)com>
2006-02-04 03:29:48 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2006-02-07 00:07:57 from Simon Riggs <simon(at)2ndquadrant(dot)com>
2006-02-07 02:08:08 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2006-02-07 02:24:31 from Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>
2006-02-07 04:07:41 from Rick Gigger <rick(at)alpinenetworking(dot)com>
2006-02-07 04:13:59 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2006-02-07 06:51:13 from Rick Gigger <rick(at)alpinenetworking(dot)com>
2006-02-07 09:40:37 from Simon Riggs <simon(at)2ndquadrant(dot)com>
2006-02-08 01:44:24 from Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>
2006-02-08 02:00:51 from "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>
2006-02-07 02:27:45 from Doug McNaught <doug(at)mcnaught(dot)org>
2005-12-29 16:14:37 from "Andrew Dunstan" <andrew(at)dunslane(dot)net>
2005-12-29 16:05:42 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2005-12-29 16:24:28 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2006-01-03 15:45:21 from "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>
2006-01-03 16:21:37 from Stephen Frost <sfrost(at)snowman(dot)net>
2006-01-03 16:29:02 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2006-01-03 16:38:52 from "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>
2006-01-03 16:55:15 from Stephen Frost <sfrost(at)snowman(dot)net>
2006-01-03 16:54:01 from Stephen Frost <sfrost(at)snowman(dot)net>
2006-01-03 17:37:32 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2006-01-03 18:30:56 from Stephen Frost <sfrost(at)snowman(dot)net>
2005-12-29 17:20:32 from Greg Stark <gsstark(at)mit(dot)edu>
2005-12-29 17:30:49 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2005-12-24 14:18:17 from Simon Riggs <simon(at)2ndquadrant(dot)com>
Lists:
pgsql-hackers
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> I don't find this use-case particularly convincing. If the users are
> allowed to delete all data in a given table, then that table must be
> dedicated to them anyway; so it's not that easy to see why you can't
> risk giving them ownership rights on it. The worst they can do is
> screw up their own data, no?
Being able to delete all data in a given table in no way implies
ownership rights. The tables are part of a specification which the
users are being asked to respond to. Being able to change the table
types or remove the constraints put on the tables would allow the
users to upload garbage which would then affect downstream processing.
We can't guarentee this won't happen anyway but we try to confine the
things they can mess up to a reasonable set which we can check for (and
do, through a rather involved error checking system). There are *alot*
of things built on top of the table structures and having them change
would basically break the whole system (without the appropriate changes
being made to the other parts of the system).
> In any case, I don't see what's so wrong with the model of using
> SECURITY DEFINER interface functions when you want a security
> restriction that's finer-grain than the system provides. I really
> *don't* want to see us trying to, say, categorize every variety of
> ALTER TABLE as a separately grantable privilege. I could live with
> something like a catchall "ADMIN" privilege ... except it's not
> clear how that would differ from ownership.
I don't think anyone's asked for 'ALTER TABLE' privileges to be
seperately grantable. It seems to me that the privileges which *need*
to be grantable are ones associated with DML statements. I would
classify TRUNCATE, VACUUM and ANALYZE as DML statements (along with
select, insert, update, and delete). They're PostgreSQL-specific DML
statements but they still fall into that category. I don't think
it's a coincidence that the SQL-defined DML statements are all,
individually, grantable.
That doesn't mean I think we should get rid of RULE, REFERENCES or
TRIGGER, though honestly I've very rarely needed to grant any of them
(I don't think I've ever granted RULE or TRIGGER...). References is
DDL-oriented, but for *other* tables; RULE and TRIGGER are DDL and I
can't really justify why someone other than the owner would need them
but I'm guessing someone's using them. I don't think their existance
should imply that if we ever change the grants again we have to include
all types of 'ALTER TABLE', etc, though.
Thanks,
Stephen
In response to
pgsql-hackers by date
Next :From: Alfranio Correia JuniorDate: 2006-01-03 19:11:14Subject : Re: HOOKS for Synchronous Replication?Previous :From : Tom LaneDate : 2006-01-03 18:21:52Subject : Re: Why don't we allow DNS names in pg_hba.conf?
