| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Noah Misch <noah(at)leadboat(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Ignore tablespace ACLs when ignoring schema ACLs |
| Date: | 2017-02-05 17:46:41 |
| Message-ID: | 13553.1486316801@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Noah Misch <noah(at)leadboat(dot)com> writes:
> DefineIndex() has a check_rights argument that determines whether to perform a
> namespace ACL check. When ALTER TABLE ALTER TYPE rebuilds an index, it sets
> that flag. The theory goes that use of DROP INDEX and CREATE INDEX is a mere
> implementation detail of ALTER TABLE ALTER TYPE; the operation is logically like
> an alteration of the existing index. I think the same treatment should extend
> to the tablespace ACL check, as attached.
Seems generally reasonable.
Is there any likely use-case for providing separate control flags for the
two permission checks? That would require an API change for DefineIndex,
making this considerably more invasive, so I'm not pushing for it ---
just think it's worth asking the question before proceeding.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2017-02-05 17:51:09 | Re: Index corruption with CREATE INDEX CONCURRENTLY |
| Previous Message | Andrew Borodin | 2017-02-05 16:04:32 | Re: Review: GIN non-intrusive vacuum of posting tree |