Re: New patch for Column-level privileges

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec>, Markus Wanner <markus(at)bluegap(dot)ch>, Alex Hunsaker <badalex(at)gmail(dot)com>, PostgreSQL-development Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: New patch for Column-level privileges
Date: 2009-01-14 18:43:06
Message-ID: 20090114184306.GM4656@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

KaiGai,

* KaiGai Kohei (kaigai(at)ak(dot)jp(dot)nec(dot)com) wrote:
> The attached patch put invocations of markColumnForSelectPriv()
> at transformJoinUsingClause() to mark those columns are used.

Thanks for the update!

Attached is a patch which:

- incorporates KaiGai's latest patches to deal with JOINs and
NATURAL JOINs

- adds regression tests following Tom's suggestion to check
whole-row vars in the face of column add/deletes

- adds regression tests for NATURAL JOIN and successful JOINs
with table sub-sets

- reworks pg_attribute_aclmask() to remove the looping component

- adds a new pg_attribute_aclcheck_all() to handle the ANY/ALL
needs of execMain and the looping

- removes special handling of system columns, they can still be
granted/revoked, but they won't be included in ANY/ALL tests and a
table-wide REVOKE won't affect them. After thinking about it for a
while, I felt this was the most sensible compromise between code
complexity, following the SQL spec, and user freedom.

- split out adding column revokes for table-level commands into a
add_col_revokes function to clean up ExecGrant_Relation a bit.

- when handling table-level revokes, skips over columns which do not
have an ACL defined, since it clearly has no effect except to force
creation of a default ACL that's just clutter.

Comments, testing, etc, most appreciated!

Thanks,

Stephen

Attachment Content-Type Size
colprivs_2009011401.diff.gz application/octet-stream 35.0 KB

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2009-01-14 18:45:11 Re: Updates of SE-PostgreSQL 8.4devel patches (r1403)
Previous Message Andrew Chernow 2009-01-14 18:11:36 Re: solaris libpq threaded build fails