| From: | Markus Wanner <markus(at)bluegap(dot)ch> |
|---|---|
| To: | PostgreSQL-development Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: New patch for Column-level privileges |
| Date: | 2009-01-04 17:29:45 |
| Message-ID: | 4960F209.2060700@bluegap.ch |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hello Stephen,
Stephen Frost wrote:
> I'm going to look into it but it's a bit complicated. I was hoping
> someone who's more familiar with those parts would be able to look at
> it.
Good to hear. I've just been asking, because it remained unclear to me.
> I don't think that's the right approach, but I'll look into it. I ran
> into a similiar issue though, and I don't believe it's too hard to fix
> (the issue here is that the REVOKE needs to remove the column-level grant
> as well). I'll try and look into it tonight or tomorrow.
Cool, because that's the biggest issue, IMO.
>> test=# GRANT UPDATE(xmin) ON test TO joe;
>> GRANT
>> test=# GRANT INSERT(xmin) ON test TO joe;
>> GRANT
>
> Hmm, ok, that's easy enough to fix.
>
>> [ Note that user joe can INSERT or UPDATE tuples of relation test even
>> without those column level privileges, as long as he is allowed to
>> INSERT or UPDATE the affected non-hidden columns. ]
>
> Right, that's correct. You don't need table-level permissions so long
> as you have permissions on the columns you're trying to select/modify.
I was trying to check, if these privileges on hidden columns have any
effect. So far I didn't encounter any, except for SELECT.
>> Some minor nit-picks: some lines exceed 80 columns, multi-line comments
>> don't follow coding standards.
>
> Hrmpf. I'll go back and review the coding standards.. I don't recall
> that 80 column was a fixed limit.
Hm.. sorry, looks like it's not mentioned in the docu. I'm pretty sure
pgindent strips lines to something below 80 columns, though. (And I'm
personally used to terminals with exactly 80 cols, so everything longer
than is not easy to my eyes, thus the complaint. Don't bother much).
>> BTW: how are long constant strings expected to be formatted? Are those
>> allowed to exceed 80 columns, or are they expected to be split like so
>> (i.e. for errmsg):
>>
>> "Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed "
>> "do eiusmod tempor incididunt ut labore et dolore magna aliqua."
>
> Honestly, I think I've seen both done.
Yeah, that's why I'm asking.
Regards
Markus Wanner
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2009-01-04 17:44:21 | Re: parallel restore |
| Previous Message | Andrew Dunstan | 2009-01-04 17:28:22 | Re: parallel restore |