Skip site navigation (1) Skip section navigation (2)

Re: pre-proposal: permissions made easier

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: Jeff Davis <pgsql(at)j-davis(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, David Fetter <david(at)fetter(dot)org>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: pre-proposal: permissions made easier
Date: 2009-06-29 17:27:14
Message-ID: 4A48F972.70800@dunslane.net (view raw or flat)
Thread:
Lists: pgsql-hackers

Jeff Davis wrote:
> On Mon, 2009-06-29 at 12:55 -0400, Tom Lane wrote:
>   
>> I think it has to be looked at in comparison to more general
>> prospective-permissions schemes; 
>>     
>
> When I searched google for "prospective permissions", all I found were
> links to messages in this thread ;)
>
> Can you refer me to a general prospective-permissions scheme that is
> more widely accepted? Being more widely accepted also has the benefit
> that users will feel more comfortable with the behavior.
>
>
>   

Think of MySQL's wildcard permissions. They apply to any object whether 
that object is created before or after the rule is set, AIUI. That means 
the wildcard pattern is applied at the time the permission rule is 
referenced, rather than when the rule is created, thus applying it 
prospectively.

It's a feature many users would like to have, although, as Tom rightly 
points out, it can be a bit of a footgun if used carelessly.

cheers

andrew

In response to

Responses

pgsql-hackers by date

Next:From: Andrew DunstanDate: 2009-06-29 17:33:07
Subject: Re: pg_restore -t table concerns
Previous:From: Tom LaneDate: 2009-06-29 17:25:03
Subject: Re: pg_restore -t table concerns

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group