| From: | Petr Jelinek <pjmodos(at)pjmodos(dot)net> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jan Urbański <wulczer(at)wulczer(dot)org>, Josh Berkus <josh(at)agliodbs(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH] DefaultACLs |
| Date: | 2009-09-29 07:56:20 |
| Message-ID: | 4AC1BDA4.2070004@pjmodos.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Stephen Frost napsal(a):
> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>
>>> One potential trouble spot is that presumably the built-in default
>>> privileges (eg, PUBLIC EXECUTE for functions) would *not* cumulate
>>> with user-specified defaults.
>>>
>> Why not?
>>
>
> How would you have a default that says "I *don't* want public execute on
> my new functions"?
>
This is actually problem that applies to whole Robert's proposal. How
would you define you don\t want insert on new tables in schema when you
granted it for whole database. I don't think any kind of mixing of
different default privileges is a good idea. I was thinking about
rejecting creation of conflicting default privileges but that would be
impossible to detect before object creation which is too late.
--
Regards
Petr Jelinek (PJMODOS)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Page | 2009-09-29 07:57:35 | Re: pg_hba.conf: samehost and samenet [REVIEW] |
| Previous Message | Petr Jelinek | 2009-09-29 07:42:58 | Re: [PATCH] DefaultACLs |