From: | Marko Kreen <markokr(at)gmail(dot)com> |
---|---|
To: | Postgres Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | [RFC] grants vs. inherited tables |
Date: | 2011-12-29 18:04:49 |
Message-ID: | 20111229180449.GA24276@gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hello,
I tried to generalize a function that creates partitions
for a table and found out it's impossible to do it for grants.
Basically, what I want is a child table that takes it's grants
from parent table. IMHO quite reasonable request. But I don't
see a way to do it in pl/pgsql. (Writing parser in plpgsql
for aclitemout() output does not count.)
The form for the create statement is:
CREATE TABLE part (
[pre-9.0] LIKE parent INCLUDING INDEXES INCLUDING CONSTRAINTS
[9.0+] LIKE parent INCLUDING ALL -- skips grants
) INHERITS (parent);
Unless I'm missing something obvious, there is no way to take grants
from parent table.
My suggestions:
1) Have 'GRANTS' option for LIKE. Seems obvious.
2) Include 'GRANTS' option in 'ALL'. Also obvious.
3) Have a way to format aclitem into something
that can used to create GRANT statement easily. Eg:
pg_get_privilege_info(
IN priv aclitem,
OUT rolename text,
OUT privlist text[],
OUT privlist_with_grant_option text[]);
This allows doing complex introspection in pl/pgsql
and also helps tools that want to re-create table structure
in other databases.
Although 1)+2) and 3) seem like alternatives, I suggest doing all of them,
thus improving GRANT usage across the board.
Comments?
--
marko
NB: this mail is about designing and accepting TODO-items.
I might do them myself sometime, but I don't mind if anyone
implements them before me..
From | Date | Subject | |
---|---|---|---|
Next Message | Alvaro Herrera | 2011-12-29 18:12:50 | Re: [RFC] grants vs. inherited tables |
Previous Message | Kevin Grittner | 2011-12-29 17:08:43 | Re: 16-bit page checksums for 9.2 |