Re: Extending grant insert on tables to sequences

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec>, Bruce Momjian <bruce(at)momjian(dot)us>, Abhijit Menon-Sen <ams(at)oryx(dot)com>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Jaime Casanova <systemguards(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Extending grant insert on tables to sequences
Date: 2008-09-04 00:03:54
Message-ID: 9627.1220486634@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers pgsql-patches

Stephen Frost <sfrost(at)snowman(dot)net> writes:
> * Jaime Casanova (jcasanov(at)systemguards(dot)com(dot)ec) wrote:
>> updating the patch with one that only extends inserts. though, i
>> haven't look at the col level privs patch yet.

> At least initially I wasn't planning to support column-level privileges
> for sequences, so I don't think it will affect you much. Do people
> think it makes sense to try and support that?

USAGE certainly wouldn't be column-level in any case --- it'd be a
privilege on the sequence as such. That end of it isn't the problem;
the problem is that column-level privileges on the table make it hard to
decide when to grant rights on the sequence, as I pointed out last time
round:
http://archives.postgresql.org/pgsql-hackers/2008-07/msg00624.php

> As your patch appears more ready-for-commit than the column-level
> privileges patch, I wouldn't worry about what code might have to move
> around, that'll be for me to deal with in a re-sync with HEAD once your
> patch is committed.

I think that's backwards. The above message raises serious concerns
about whether the USAGE-granting patch can be implemented at all in the
presence of column-level privileges. I think the right thing is to get
column privileges in and then see if it's possible to implement
USAGE-granting compatibly. I don't want to commit a patch that is
clearly going to be broken when (not if) column privileges arrive.

I note also that no response was given to my worries about pg_dump
behavior.

In short, this patch isn't much more ready to commit than it was
in the last fest.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Stephen Frost 2008-09-04 00:30:52 Re: pg_dump roles support
Previous Message Alvaro Herrera 2008-09-04 00:01:33 Re: [PATCH] Cleanup of GUC units code

Browse pgsql-patches by date

  From Date Subject
Next Message Stephen Frost 2008-09-04 00:41:41 Re: Extending grant insert on tables to sequences
Previous Message Andrew Chernow 2008-09-03 22:10:53 Re: libpq events patch