Skip site navigation (1) Skip section navigation (2)

Re: New Privilege model purposal

From: Karel Zak <zakkr(at)zf(dot)jcu(dot)cz>
To: Jan Wieck <JanWieck(at)Yahoo(dot)com>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL HACKERS <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: New Privilege model purposal
Date: 2000-07-26 07:04:21
Message-ID: Pine.LNX.3.96.1000726075242.11072A-100000@ara.zf.jcu.cz (view raw or flat)
Thread:
Lists: pgsql-hackers
On Tue, 25 Jul 2000, Jan Wieck wrote:

> Karel Zak wrote:
> >
> >  I not sure, but if I good remember nobody said somethig bad about
> > PetreE proposal for this, why you prepare new? IMHO Peter's proposal
> > was good.
> 
>     Seems  I  missed  that  discussion. Sometimes I start to drop
>     incoming eMails by subject. If then the discussion  moves  to
>     something  different  without changing the subject, you won't
>     see me on that.
> 
>     Anyway, I  haven't  found  a  complete  proposal  in  the  ML

I (mostly) have found nothing in PG's mail lists archive :-(
better is use:

http://www.deja.com/[ST_rn=fs]/group/mailing.database.pgsql-hackers

>     archive.   Consider  my proposal "derived work" from his one,
>     if it is similar and let's combine all  the  ideas  into  one
>     complete thing.

I mean will good if Peter re-posts his proposal. IMHO is not a problem
select feature for GRANT, a problem is implement it and implement it 
like SQL92.

> >  And small suggestion, we need the "GRANT ... WITH ADMIN OPTION" or
> > something like this.
> 
>     What should that do?

--- See the chapter "11.36  <grant statement>" in the SQL92 (and others
    parts of this standard). SQL92:

         <grant statement> ::=
              GRANT <privileges> ON <object name>
                TO <grantee> [ { <comma> <grantee> }... ]
                  [ WITH GRANT OPTION ]


--- "WITH ADMIN OPTION" is Oracle matter, and Oracle's manual say:

	".. allows the grantee to grant the object privileges to the
	 other user and role..."
 
 other words you can create "sub-admin" for the object, and this user 
can GRANT privilege to the other standard users.
 
 It is pretty well implement-able if all privilege will in one system 
table (pg_privilege). I mean that is not good "dirty" other system 
tables.

 The other point --- we must keep open a door to others SQL administration
features like ROLE, PROFILE. IMHO final proposal should be contain some idea 
for group/shadow rewriting and some idea about ROLE.

 Ops.. I forget, we *must* in new ACL have columns privilege. It is realy
needful in large multi-user applications. A crash point will seed :-)

 						Karel


In response to

pgsql-hackers by date

Next:From: Zeugswetter Andreas SBDate: 2000-07-26 08:20:56
Subject: AW: New Privilege model purposal
Previous:From: Chris BitmeadDate: 2000-07-26 05:56:12
Subject: Re: Inprise InterBase(R) 6.0 Now Free and Open Source

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group