Skip site navigation (1) Skip section navigation (2)

Re: [PATCH] Largeobject access controls

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: [PATCH] Largeobject access controls
Date: 2009-08-28 14:52:16
Message-ID: 8797.1251471136@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> writes:
> The attached patch provides access control features on largeobject.
> This patch adds the ownership and two permissions (SELECT and UPDATE) on
> largeobjects. The two permissions controls reader and writer accesses to
> the largeobejcts.

What about DELETE permissions?  Should we track that separately from
UPDATE?

> The CREATE USER/ROLE statement got a new option: LARGEOBJECT/NOLARGEOBJECT.
> It enables to controls whether the user can create a largeobject, or not.

I don't think this is necessary or appropriate.

> The pg_largeobject system catalog is reworked to manage its metadata.
> Actual data chunks are stored in the toast relation of pg_largeobject,

This seems like a very confusing design, and one that (a) breaks
existing code to no purpose, (b) will greatly complicate in-place
upgrade.  Instead of abusing a toast relation to do something
nonstandard, keep pg_largeobject as it is now and add a new, separate
catalog that carries ownership and permissions info for each LO OID.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Kevin GrittnerDate: 2009-08-28 15:02:01
Subject: Re: phypot - Pygmy Hippotause ?
Previous:From: Werner EchezuriaDate: 2009-08-28 14:39:49
Subject: Re: return a set of records

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group