From: | kevin brintnall <kbrint(at)rufus(dot)net> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org |
Subject: | TODO: GRANT/REVOKE: Allow column-level privileges |
Date: | 2006-01-20 23:26:41 |
Message-ID: | 20060120232641.GA58498@rufus.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Fellow Hackers,
I've been working on this item for a little while, and I'm starting to see
some code come together. I wanted to solicit some feedback before I got
too far along to make sure I'm on the right track.
Here's a rough overview of what I've done so far:
-----------------------------------------------------------------
PARSER:
* modified parser to accept SQL column privs syntax
* created a PrivAttr Node which holds ( priv, attr[] ) pairs. Currently,
it's just a list of strings. For example, when you call...
GRANT SELECT, UPDATE (col1, col2) ON table1, table2 to grantee;
... the parser creates a list of Nodes:
("select", NIL), ("update", ("col1", "col2"))
SYSTEM CATALOG:
* add "attacl aclinfo[]" column to pg_attribute table and Form_pg_attribute.
* add OID column to pg_attribute. This permits dependencies to be
registered correctly in pg_shdepend.
* populated attacl column in existing pg_attribute bootstrap with NULLs
* allocated an unused oid for each of the pg_attribute rows that are
bootstrapped
* created an oid index on pg_attribute
* modified ExecuteGrantStmt to handle the PrivAttr structure instead of
the list of strings
* modified ExecuteGrantStmt to do a nested loop over all
(column,relation) pairs in the GRANT and find oids for all of the
attributes.
PSQL COMMAND LINE:
* display column privileges with "\d+ table"
STILL LEFT TO DO:
* implement ExecGrant_Attribute() to modify pg_attribute
* verify query against column privileges in addition to table privileges
* register dependencies
* pg_dump column privileges
-----------------------------------------------------------------
I'd welcome any feedback on the design changes I've made, or any other
potential snags I should watch out for.
Thanks.
--
kevin brintnall =~ <kbrint(at)rufus(dot)net>
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2006-01-21 00:09:46 | Re: TODO: GRANT/REVOKE: Allow column-level privileges |
Previous Message | Tom Lane | 2006-01-20 22:58:33 | Re: panic on 7.3 |