| From: | Chris Bitmead <chrisb(at)nimrod(dot)itg(dot)telstra(dot)com(dot)au> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Proposal for enhancements of privilege system |
| Date: | 2000-05-23 00:49:06 |
| Message-ID: | 3929D582.9372C87D@nimrod.itg.telecom.com.au |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Peter Eisentraut wrote:
> pg_privilege (
> priobj oid,
> prigrantor oid,
> prigrantee oid,
> priaction char,
> priisgrantable boolean,
>
> primary key (priobj, prigrantee, priaction)
> )
>
I like it.
> The straightforward choice would be to store a single reference to
> pg_class when the privilege describes the whole table, and
> pg_attribute references when only specific columns are named. That
> would mean the lookup routine will first look for a pg_class.oid entry
> and, failing that, then for possible pg_attribute.oid entries for the
> columns that it's interested in. This is of course suboptimal when no
> privilege exists in the first place but that is not necessarily the case
> we're optimizing for.
Don't worry about performance for the access denied case. That is going
to be outweighed 1000:1 by the access allowed case. Go for the clean
solution.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Chris Bitmead | 2000-05-23 00:57:12 | Re: OO Patch |
| Previous Message | Bruce Momjian | 2000-05-23 00:23:18 | Re: Proposal for enhancements of privilege system |