Skip site navigation (1) Skip section navigation (2)

Re: Extending grant insert on tables to sequences

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec>, Bruce Momjian <bruce(at)momjian(dot)us>, Abhijit Menon-Sen <ams(at)oryx(dot)com>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Jaime Casanova <systemguards(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Extending grant insert on tables to sequences
Date: 2008-09-04 00:03:54
Message-ID: 9627.1220486634@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
Stephen Frost <sfrost(at)snowman(dot)net> writes:
> * Jaime Casanova (jcasanov(at)systemguards(dot)com(dot)ec) wrote:
>> updating the patch with one that only extends inserts. though, i
>> haven't look at the col level privs patch yet.

> At least initially I wasn't planning to support column-level privileges
> for sequences, so I don't think it will affect you much.  Do people
> think it makes sense to try and support that?

USAGE certainly wouldn't be column-level in any case --- it'd be a
privilege on the sequence as such.  That end of it isn't the problem;
the problem is that column-level privileges on the table make it hard to
decide when to grant rights on the sequence, as I pointed out last time
round:
http://archives.postgresql.org/pgsql-hackers/2008-07/msg00624.php
	
> As your patch appears more ready-for-commit than the column-level
> privileges patch, I wouldn't worry about what code might have to move
> around, that'll be for me to deal with in a re-sync with HEAD once your
> patch is committed.

I think that's backwards.  The above message raises serious concerns
about whether the USAGE-granting patch can be implemented at all in the
presence of column-level privileges.  I think the right thing is to get
column privileges in and then see if it's possible to implement
USAGE-granting compatibly.  I don't want to commit a patch that is
clearly going to be broken when (not if) column privileges arrive.

I note also that no response was given to my worries about pg_dump
behavior.

In short, this patch isn't much more ready to commit than it was
in the last fest.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Stephen FrostDate: 2008-09-04 00:30:52
Subject: Re: pg_dump roles support
Previous:From: Alvaro HerreraDate: 2008-09-04 00:01:33
Subject: Re: [PATCH] Cleanup of GUC units code

pgsql-patches by date

Next:From: Stephen FrostDate: 2008-09-04 00:41:41
Subject: Re: Extending grant insert on tables to sequences
Previous:From: Andrew ChernowDate: 2008-09-03 22:10:53
Subject: Re: libpq events patch

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group