Skip site navigation (1) Skip section navigation (2)

Re: New patch for Column-level privileges

From: Markus Wanner <markus(at)bluegap(dot)ch>
To: PostgreSQL-development Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: New patch for Column-level privileges
Date: 2009-01-04 17:29:45
Message-ID: 4960F209.2060700@bluegap.ch (view raw or flat)
Thread:
Lists: pgsql-hackers
Hello Stephen,

Stephen Frost wrote:
> I'm going to look into it but it's a bit complicated.  I was hoping
> someone who's more familiar with those parts would be able to look at
> it.

Good to hear. I've just been asking, because it remained unclear to me.

> I don't think that's the right approach, but I'll look into it.  I ran
> into a similiar issue though, and I don't believe it's too hard to fix
> (the issue here is that the REVOKE needs to remove the column-level grant
> as well).  I'll try and look into it tonight or tomorrow.

Cool, because that's the biggest issue, IMO.

>> test=# GRANT UPDATE(xmin) ON test TO joe;
>> GRANT
>> test=# GRANT INSERT(xmin) ON test TO joe;
>> GRANT
> 
> Hmm, ok, that's easy enough to fix.
> 
>> [ Note that user joe can INSERT or UPDATE tuples of relation test even
>> without those column level privileges, as long as he is allowed to
>> INSERT or UPDATE the affected non-hidden columns. ]
> 
> Right, that's correct.  You don't need table-level permissions so long
> as you have permissions on the columns you're trying to select/modify.

I was trying to check, if these privileges on hidden columns have any
effect. So far I didn't encounter any, except for SELECT.

>> Some minor nit-picks: some lines exceed 80 columns, multi-line comments
>> don't follow coding standards.
> 
> Hrmpf.  I'll go back and review the coding standards..  I don't recall
> that 80 column was a fixed limit.

Hm.. sorry, looks like it's not mentioned in the docu. I'm pretty sure
pgindent strips lines to something below 80 columns, though. (And I'm
personally used to terminals with exactly 80 cols, so everything longer
than  is not easy to my eyes, thus the complaint. Don't bother much).

>> BTW: how are long constant strings expected to be formatted? Are those
>> allowed to exceed 80 columns, or are they expected to be split like so
>> (i.e. for errmsg):
>>
>>   "Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed "
>>   "do eiusmod tempor incididunt ut labore et dolore magna aliqua."
> 
> Honestly, I think I've seen both done.

Yeah, that's why I'm asking.

Regards

Markus Wanner


In response to

Responses

pgsql-hackers by date

Next:From: Simon RiggsDate: 2009-01-04 17:44:21
Subject: Re: parallel restore
Previous:From: Andrew DunstanDate: 2009-01-04 17:28:22
Subject: Re: parallel restore

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group