From: | Noah Misch <noah(at)leadboat(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Ignore tablespace ACLs when ignoring schema ACLs |
Date: | 2017-02-05 18:38:35 |
Message-ID: | 20170205183835.GA830889@tornado.leadboat.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Sun, Feb 05, 2017 at 12:46:41PM -0500, Tom Lane wrote:
> Noah Misch <noah(at)leadboat(dot)com> writes:
> > DefineIndex() has a check_rights argument that determines whether to perform a
> > namespace ACL check. When ALTER TABLE ALTER TYPE rebuilds an index, it sets
> > that flag. The theory goes that use of DROP INDEX and CREATE INDEX is a mere
> > implementation detail of ALTER TABLE ALTER TYPE; the operation is logically like
> > an alteration of the existing index. I think the same treatment should extend
> > to the tablespace ACL check, as attached.
>
> Seems generally reasonable.
>
> Is there any likely use-case for providing separate control flags for the
> two permission checks? That would require an API change for DefineIndex,
> making this considerably more invasive, so I'm not pushing for it ---
> just think it's worth asking the question before proceeding.
Good question. I can't think of one.
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2017-02-05 18:48:09 | Re: Ignore tablespace ACLs when ignoring schema ACLs |
Previous Message | Martín Marqués | 2017-02-05 18:34:58 | Re: Index corruption with CREATE INDEX CONCURRENTLY |