Re: Column level privileges was:(Re: Extending grant insert on tables to sequences)

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Abhijit Menon-Sen <ams(at)oryx(dot)com>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Jaime Casanova <systemguards(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Column level privileges was:(Re: Extending grant insert on tables to sequences)
Date: 2008-09-17 14:32:22
Message-ID: 20080917143222.GA16005@tamriel.snowman.net
Lists: pgsql-hackers

Jaime,

* Stephen Frost (sfrost(at)snowman(dot)net) wrote:
> * Jaime Casanova (jcasanov(at)systemguards(dot)com(dot)ec) wrote:
> > On 7/25/08, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > > Yes, I'm working on it
> >
> > hi, any work on it? may i help?
>
> If you look at the commitfest, I've posted my WIP so far there. Most of
> the grammar, parser, and catalog changes are there. There's a couple of
> bugs in that code that I'm working to run down but otherwise I think
> it's pretty good. I do need to add in the dependency tracking as well
> though, and that's what I'm planning to work on next.

I've now added dependency tracking and worked out a few kinks in the
code, both existing previously and from adding the dep tracking. I'd
really like to simplify things in aclchk.c, perhaps by factoring out
more common bits into functional pieces, but it's been kind of a bear so
far.

The dependency tracking is being done by continuing to treat the table
as a single entity and just figuring out the total set (including all
column-level permissions) of roles for the entire table, rather than
introducing the sub-object concept. This requires a bit of extra effort
when doing DDLs and GRANTs but simplifies the dependency tracking
itself, especially since we have to keep track of both table-level
permissions and column-level permissions separately.

I'm open to other suggestions/comments. If people feel the sub-object
is a better approach, it would get somewhat more awkward because we'd
have to handle the relation-level dependencies as well as the
column-level ones. Not impossible to do, of course, but a bit more
complicated than how it was done originally.

> A piece which can be broken off pretty easily is adding support to track
> the columns used through to the executor so we can check the permissions
> in the right place.

Jaime, have you had a chance to work on this? It's next on my list and
I'll start working on it tonight unless you've had a chance to get to
it. Please let me know.

Thanks,

Stephen
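
The whole-table dependency approach described in the message, as an added toy model (not code from the patch or from PostgreSQL): the table keeps one set of depended-on roles, recomputed from the table-level ACL plus every column ACL after each GRANT, REVOKE or column drop. The class, method and role names are hypothetical and the data layout is an assumption made for illustration.

```python
from collections import defaultdict


class TableAcl:
    """Toy model of one table's privileges (assumed layout, not the catalog's)."""

    def __init__(self, columns):
        self.table_acl = defaultdict(set)  # role -> table-level privileges
        # column -> role -> column-level privileges
        self.column_acl = {c: defaultdict(set) for c in columns}
        self.deps = set()  # roles the table as a whole depends on

    def _all_roles(self):
        """Total set of roles named by the table ACL or by any column ACL."""
        roles = {r for r, privs in self.table_acl.items() if privs}
        for acl in self.column_acl.values():
            roles |= {r for r, privs in acl.items() if privs}
        return roles

    def _sync_deps(self):
        """Recompute the whole-table role set; return (added, removed) roles."""
        new = self._all_roles()
        added, removed = new - self.deps, self.deps - new
        self.deps = new
        return added, removed

    def grant(self, role, priv, column=None):
        acl = self.table_acl if column is None else self.column_acl[column]
        acl[role].add(priv)
        return self._sync_deps()

    def revoke(self, role, priv, column=None):
        # The extra effort on GRANT/REVOKE: a column-level revoke may only
        # release the role if no other column or the table ACL still names it.
        acl = self.table_acl if column is None else self.column_acl[column]
        acl[role].discard(priv)
        return self._sync_deps()

    def drop_column(self, column):
        # DDL case: the dropped column's ACL may have been the last reference.
        del self.column_acl[column]
        return self._sync_deps()

    def can_drop_role(self, role):
        """A role is droppable only when nothing on the table references it."""
        return role not in self.deps
```
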
