TODO: GRANT/REVOKE: Allow column-level privileges

From: kevin brintnall <kbrint(at)rufus(dot)net>
To: pgsql-hackers(at)postgresql(dot)org
Subject: TODO: GRANT/REVOKE: Allow column-level privileges
Date: 2006-01-20 23:26:41
Message-ID: 20060120232641.GA58498@rufus.net
Lists: pgsql-hackers

Fellow Hackers,

I've been working on this item for a little while, and I'm starting to see
some code come together. I wanted to solicit some feedback before I got
too far along to make sure I'm on the right track.

Here's a rough overview of what I've done so far:

-----------------------------------------------------------------

PARSER:

* modified parser to accept SQL column privs syntax

* created a PrivAttr Node which holds ( priv, attr[] ) pairs. Currently,
it's just a list of strings. For example, when you call...

GRANT SELECT, UPDATE (col1, col2) ON table1, table2 to grantee;

... the parser creates a list of Nodes:

("select", NIL), ("update", ("col1", "col2"))

SYSTEM CATALOG:

* add "attacl aclinfo[]" column to pg_attribute table and Form_pg_attribute.
* add OID column to pg_attribute. This permits dependencies to be
registered correctly in pg_shdepend.
* populated attacl column in existing pg_attribute bootstrap with NULLs
* allocated an unused oid for each of the pg_attribute rows that are
bootstrapped
* created an oid index on pg_attribute

* modified ExecuteGrantStmt to handle the PrivAttr structure instead of
the list of strings
* modified ExecuteGrantStmt to do a nested loop over all
(column,relation) pairs in the GRANT and find oids for all of the
attributes.

PSQL COMMAND LINE:

* display column privileges with "\d+ table"

STILL LEFT TO DO:

* implement ExecGrant_Attribute() to modify pg_attribute
* verify query against column privileges in addition to table privileges
* register dependencies
* pg_dump column privileges

-----------------------------------------------------------------

I'd welcome any feedback on the design changes I've made, or any other
potential snags I should watch out for.

Thanks.

--
kevin brintnall =~ <kbrint(at)rufus(dot)net>
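
The nested loop over (column, relation) pairs described in the message, sketched as an added example that is not code from the message or from the PostgreSQL source. The `PrivAttr` layout, the toy catalog, and the function names are hypothetical, and rejecting the whole statement when a column is missing from one relation is an assumption.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-in for PrivAttr; ncols == 0 models NIL (table-level). */
typedef struct { const char *priv; const char *cols[4]; int ncols; } PrivAttr;
/* Constructed toy catalog standing in for pg_attribute lookups. */
typedef struct { const char *rel; const char *cols[4]; int ncols; } ToyRel;
static const ToyRel catalog[] = {
    { "table1", { "col1", "col2", "col3" }, 3 },
    { "table2", { "col1", "col2" }, 2 } };
/* From the message: GRANT SELECT, UPDATE (col1, col2) ON table1, table2 */
static const PrivAttr email_grant[] = {
    { "select", { NULL }, 0 }, { "update", { "col1", "col2" }, 2 } };
/* Constructed failure case: col3 exists in table1 but not in table2. */
static const PrivAttr bad_grant[] = { { "update", { "col3" }, 1 } };
static const char *rels[] = { "table1", "table2" };

static int has_column(const char *rel, const char *col)
{
    for (size_t i = 0; i < sizeof catalog / sizeof catalog[0]; i++)
        for (int j = 0; j < catalog[i].ncols; j++)
            if (!strcmp(catalog[i].rel, rel) && !strcmp(catalog[i].cols[j], col))
                return 1;
    return 0;
}

/* Nested loop over all (column, relation) pairs. Returns the number of
 * column-level targets, or -1 if a named column is missing from a listed
 * relation, so the caller grants nothing on a partial match. */
int expand_grant(const PrivAttr *pa, int npa, const char **r, int nr, int *table_level)
{
    int column_level = 0;
    *table_level = 0;
    for (int p = 0; p < npa; p++) {
        if (pa[p].ncols == 0) { *table_level += nr; continue; }
        for (int i = 0; i < nr; i++)
            for (int c = 0; c < pa[p].ncols; c++) {
                if (!has_column(r[i], pa[p].cols[c])) return -1;
                column_level++;
            }
    }
    return column_level;
}

int main(void) {
    int tl, n = expand_grant(email_grant, 2, rels, 2, &tl);
    printf("column-level=%d table-level=%d\n", n, tl);
    printf("bad grant -> %d\n", expand_grant(bad_grant, 1, rels, 2, &tl));
    return 0;
}
```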
