| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
| Cc: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [PATCH] Largeobject access controls |
| Date: | 2009-08-28 15:25:36 |
| Message-ID: | 9287.1251473136@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> writes:
> Tom Lane wrote:
>> What about DELETE permissions? Should we track that separately from
>> UPDATE?
> PostgreSQL checks ownership of the database object when user tries to
> drop it. This patch also add pg_largeobject_ownercheck() on lo_unlink().
Oh, okay, that will do fine.
>>> The CREATE USER/ROLE statement got a new option: LARGEOBJECT/NOLARGEOBJECT.
>>> It enables to controls whether the user can create a largeobject, or not.
>>
>> I don't think this is necessary or appropriate.
> What should control privilege to create a new largeobject?
> Or, it implicitly allows everyone to create a new one?
We have not had any requests to keep people from creating LOs, so I
think we can just implicitly allow everyone. If we were going to try
to manage it, I don't think a role attribute is a very good solution.
It's not grantable or inheritable, it can't be managed per-database,
etc. So I'd leave this out until there's some popular demand.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kevin Grittner | 2009-08-28 15:39:47 | Re: 8.5 release timetable, again |
| Previous Message | KaiGai Kohei | 2009-08-28 15:15:44 | Re: [PATCH] Largeobject access controls |