Skip site navigation (1) Skip section navigation (2)

AW: Proposal for enhancements of privilege system

From: Zeugswetter Andreas SB <ZeugswetterA(at)wien(dot)spardat(dot)at>
To: "'Peter Eisentraut'" <peter_e(at)gmx(dot)net>
Cc: "'PostgreSQL Development'" <pgsql-hackers(at)postgresql(dot)org>
Subject: AW: Proposal for enhancements of privilege system
Date: 2000-05-30 11:39:17
Message-ID: 219F68D65015D011A8E000006F8590C604AF7DB3@sdexcsrv1.f000.d0188.sd.spardat.at (view raw or flat)
Thread:
Lists: pgsql-hackers
> > Imho this is an area where it does make sense to look at what other
> > db's do, because it makes the toolwriters life so much easier if pg
> > behaves like some other common db.
> 
> The defined interface to the privilege system is GRANT, REVOKE, and
> "access denied" (and a couple of INFORMATION_SCHEMA views, 
> eventually).
> I don't see how other db's play into this.

Of course the grant revoke is the same. But administrative tools usually
allow you to dump schema, all rights, triggers ... for an object and thus
need 
access to the system tables containing the grants.

> 
> > Other db's usually use a char array for priaction and don't have
> > priisgrantable, but code it into priaction. Or they use a bitfield.
> > This has the advantage of only producing one row per table.
> 
> That's the price I'm willing to pay for abstraction, 
> extensibility, and
> verifyability. But I'm open for better ideas.

Imho this is an area that is extremly sensitive to performance,
the rights have to be checked for each access.

Andreas

Responses

pgsql-hackers by date

Next:From: Karel ZakDate: 2000-05-30 11:46:09
Subject: Re: AW: Proposal for enhancements of privilege system
Previous:From: Philip WarnerDate: 2000-05-30 11:35:21
Subject: Rename database?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group