| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Robert Haas" <robertmhaas(at)gmail(dot)com> |
| Cc: | "Peter Eisentraut" <peter_e(at)gmx(dot)net>, "PG Hackers" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: patch: Add a separate TRUNCATE permission |
| Date: | 2008-07-29 15:08:13 |
| Message-ID: | 10976.1217344093@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Robert Haas" <robertmhaas(at)gmail(dot)com> writes:
> The question of using up all the bits seems purely speculative to me
> at this point. I agree that we don't want to fritter them away, but
> this is the only TODO item proposes using any of those bits. Tom's
> complaint about your patch seems to have been that it uses three of
> the five remaining ACL bits;
Yeah, exactly, and it also started us down the path of wanting a
separate permission bit for every DDL command. I don't have a
problem with the idea of just eating one bit for TRUNCATE. That
would leave us with four free out of sixteen, which hardly seems
like the usage level at which to start sounding alarm bells.
I believe it would be easy and cheap to adjust the representation
of ACLs to support 32 permissions instead of 16; so I won't cry
if we someday push past 16. Beyond that, though, things get very
much more expensive and complicated (as per the speculations in
this thread). So what I was really resisting was the notion of
"permission per DDL command" --- I don't want to go that way.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gregory Stark | 2008-07-29 15:48:46 | Re: Python 2.5 vs the buildfarm |
| Previous Message | Tom Lane | 2008-07-29 14:56:48 | Re: Python 2.5 vs the buildfarm |