| From: | Josh Berkus <josh(at)agliodbs(dot)com> |
|---|---|
| To: | Greg Stark <stark(at)enterprisedb(dot)com> |
| Cc: | "David E(dot) Wheeler" <david(at)kineticode(dot)com>, Dimitri Fontaine <dfontaine(at)hi-media(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Stephen Frost <sfrost(at)snowman(dot)net>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk> |
| Subject: | Re: search_path improvements WAS: search_path vs extensions |
| Date: | 2009-05-29 21:52:59 |
| Message-ID: | 4A20593B.3030502@agliodbs.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Greg,
> Do we really? The only reason people are having trouble managing their
> search_path is because they're not using it as intended and putting
> things in lots of different schemas that they intend to all be
> visible.
Apparently you've never adminned a database with hundreds (or thousands)
of stored procedures.
Sometimes one needs to use schemas just for namespacing (they are called
"namespaces" after all), and not for security or visibility.
In fact, I'd argue that that is one of the problems with the whole
schema concept: it's three things at once.
> I'm actually not sure if we should allow extensions to be installed
> into separate schemas. If you do then it means we can't detect
> conflicts. A module might refer to an object intending to get its
> local object but end up getting some object from some other module
> depending on how the user set up his search_path.
I agree with this. Eliminating module naming conflicts is a good in itself.
From a DBA and database designer perspective, the missing functionality
from being able to do everything with schema that I want are listed
below. It's been my experience that the awkwardness of managing
search_path has caused a *lot* of our users to ignore schema as a
feature and not use schema when they otherwise should.
a) the ability to "push" a schema onto the current search path
b) the ability to "pull" a schema off the current search path
c) the ability as superuser to have my own "special schema" which are
always in the search path, as pg_catalog and $user_temp are.*
d) the ability as superuser to "lock" specific role so that they can't
change their search path**
e) having roles somehow inherit search_path on a SET ROLE***
* if you're not sure why someone would want this, consider
information_schema. If your application depends on I_S to work, how do
you make sure it's always in every user's search_path?
** think about the number of security exploits around search_path we
could protect against if we had this.
*** this is the same issue as it is with resource management (i.e.
work_mem). However, it's particularly apt for search_path; imagine a
database with an "accounting" schema and a user who belongs to both the
"accounting" and the "HR" roles.
--
Josh Berkus
PostgreSQL Experts Inc.
www.pgexperts.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Josh Berkus | 2009-05-29 21:58:18 | Re: search_path vs extensions |
| Previous Message | Hannu Krosing | 2009-05-29 21:47:16 | Re: bytea vs. pg_dump |