Re: [PATCH] Largeobject access controls

On Tue, Sep 22, 2009 at 7:23 AM, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> wrote:
>
>> another one, is it possible for us to have a CREATE LARGE OBJECT
>> statement?
>> the reason for this is:
>> 1) it is a little ugly to use the OID in ALTER/GRANT/REVOKE
>> statements, in a create statement we can assign a name to the LO
>> 2) it could be more consistent with other ALTER/GRANT/REVOKE that acts
>> over objects created with CREATE while large objects are created via
>> lo_import() which makes obvious that are just records in meta-data
>> table (hope this is understandable)
>
> It is not difficult to implement the named-largeobejct.
>
> However, the matter is whether it is really wanted feature to decorate
> a largeobject, or not.

yeah! i don't think this will be implemented soon nor that you had to
do it... just want to mention it for later discussion because it seems
like natural evolution of the feature

>
>>> It adds a new guc variable to turn on/off compatible behavior in
>>> largeobejct access controls.
>>>
>>>  largeobject_compat_dac = [on | off] (default: off)
>>>
>>> If the variable is turned on, all the new access control features
>>> on largeobjects are bypassed, as if v8.4.x or prior did.
>>
>> the GUC works as intended
>> but i don't like the name, it is not very meaningful for those of us
>> that doesn't know what DAC or MAC are...
>
> Do you think the "largeobject_compat_acl" is a meaningful name, instead?
>

maybe something like "largeobject_security_controls"?

>> another point, you really have to put the GUC in the postgresql.conf
>> file if you hope people know about it ;)
>> it is not documented either
>
> I'll add a description about the GUC at the document.
> Is it also necessary to add postgresql.conf.sample??
>

i think so, it's a compatibility issue so it must be easily findable
(don't know if that word actually exists, though :)

>> About the code...
>> - I don't like the name pg_largeobject_meta why not pg_largeobject_acl
>> (put here any other name you like)? or there was a reason for that
>> choose?
>
> My preference is a pair of pg_largeobject and pg_largeobject_data (which
> has an identical structure to the current pg_largeobject).
>
> However, it seems to me the pg_largeobject_acl is an incorrect name,
> because it also contains the owner identifier which is a part of metadata,
> but not an acl.
>

have anyone better ideas about the name? if not, then go with
pg_largeobject_meta

--
Atentamente,
Jaime Casanova
Soporte y capacitación de PostgreSQL
Asesoría y desarrollo de sistemas
Guayaquil - Ecuador
Cel. +59387171157