Skip site navigation (1) Skip section navigation (2)

Re: [PATCH] DefaultACLs

From: Petr Jelinek <pjmodos(at)pjmodos(dot)net>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jan Urbański <wulczer(at)wulczer(dot)org>, Josh Berkus <josh(at)agliodbs(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [PATCH] DefaultACLs
Date: 2009-09-29 07:56:20
Message-ID: 4AC1BDA4.2070004@pjmodos.net (view raw or flat)
Thread:
Lists: pgsql-hackers
Stephen Frost napsal(a):
> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>   
>>> One potential trouble spot is that presumably the built-in default
>>> privileges (eg, PUBLIC EXECUTE for functions) would *not* cumulate
>>> with user-specified defaults.
>>>       
>> Why not?
>>     
>
> How would you have a default that says "I *don't* want public execute on
> my new functions"?
>   

This is actually problem that applies to whole Robert's proposal. How 
would you define you don\t want insert on new tables in schema when you 
granted it for whole database. I don't think any kind of mixing of 
different default privileges is a good idea. I was thinking about 
rejecting creation of conflicting default privileges but that would be 
impossible to detect before object creation which is too late.

-- 
Regards
Petr Jelinek (PJMODOS)

In response to

pgsql-hackers by date

Next:From: Dave PageDate: 2009-09-29 07:57:35
Subject: Re: pg_hba.conf: samehost and samenet [REVIEW]
Previous:From: Petr JelinekDate: 2009-09-29 07:42:58
Subject: Re: [PATCH] DefaultACLs

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group