Skip site navigation (1) Skip section navigation (2)

[RFC] grants vs. inherited tables

From: Marko Kreen <markokr(at)gmail(dot)com>
To: Postgres Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: [RFC] grants vs. inherited tables
Date: 2011-12-29 18:04:49
Message-ID: 20111229180449.GA24276@gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
Hello,

I tried to generalize a function that creates partitions
for a table and found out it's impossible to do it for grants.

Basically, what I want is a child table that takes it's grants
from parent table.  IMHO quite reasonable request.  But I don't
see a way to do it in pl/pgsql.  (Writing parser in plpgsql
for aclitemout() output does not count.)

The form for the create statement is:

  CREATE TABLE part (
    [pre-9.0]    LIKE parent INCLUDING INDEXES INCLUDING CONSTRAINTS
    [9.0+]       LIKE parent INCLUDING ALL    -- skips grants
  ) INHERITS (parent);

Unless I'm missing something obvious, there is no way to take grants
from parent table.

My suggestions:

1) Have 'GRANTS' option for LIKE.  Seems obvious.

2) Include 'GRANTS' option in 'ALL'.  Also obvious.

3) Have a way to format aclitem into something
   that can used to create GRANT statement easily.  Eg:

     pg_get_privilege_info(
          IN priv aclitem,
	  OUT rolename text,
	  OUT privlist text[],
	  OUT privlist_with_grant_option text[]);

   This allows doing complex introspection in pl/pgsql
   and also helps tools that want to re-create table structure
   in other databases.

Although 1)+2) and 3) seem like alternatives, I suggest doing all of them,
thus improving GRANT usage across the board.

Comments?

-- 
marko

NB: this mail is about designing and accepting TODO-items.
I might do them myself sometime, but I don't mind if anyone
implements them before me..


Responses

pgsql-hackers by date

Next:From: Alvaro HerreraDate: 2011-12-29 18:12:50
Subject: Re: [RFC] grants vs. inherited tables
Previous:From: Kevin GrittnerDate: 2011-12-29 17:08:43
Subject: Re: 16-bit page checksums for 9.2

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group