| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, Golden Liu <goldenliu(at)gmail(dot)com> |
| Subject: | Re: [HACHERS] privilege check: column level only? |
| Date: | 2007-06-05 13:56:45 |
| Message-ID: | 46656B9D.40707@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Peter Eisentraut wrote:
> Am Dienstag, 5. Juni 2007 06:39 schrieb Golden Liu:
>
>> According to this, column privilege descriptors are created automatically
>> while table privilege descriptor is created. Then, while checking
>> privilege, can I JUST check column level privilege?
>>
>
> While possible, for performance reasons it would probably be unwise. Needs
> checking.
>
We can possibly infer their existence according to the table level
privileges in certain cases. But it's not clear to me how that will
work when we change the table level privileges, nor how it works with
revoked privileges. Do we have any provision for negative privileges? If
not, do we need them?
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2007-06-05 14:04:44 | CREATEROLE, CREATEDB |
| Previous Message | Teodor Sigaev | 2007-06-05 12:51:23 | Re: GIN, XLogInsert and MarkBufferDirty |