| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Jeff Davis <pgsql(at)j-davis(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, David Fetter <david(at)fetter(dot)org>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: pre-proposal: permissions made easier |
| Date: | 2009-06-29 17:27:14 |
| Message-ID: | 4A48F972.70800@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Jeff Davis wrote:
> On Mon, 2009-06-29 at 12:55 -0400, Tom Lane wrote:
>
>> I think it has to be looked at in comparison to more general
>> prospective-permissions schemes;
>>
>
> When I searched google for "prospective permissions", all I found were
> links to messages in this thread ;)
>
> Can you refer me to a general prospective-permissions scheme that is
> more widely accepted? Being more widely accepted also has the benefit
> that users will feel more comfortable with the behavior.
>
>
>
Think of MySQL's wildcard permissions. They apply to any object whether
that object is created before or after the rule is set, AIUI. That means
the wildcard pattern is applied at the time the permission rule is
referenced, rather than when the rule is created, thus applying it
prospectively.
It's a feature many users would like to have, although, as Tom rightly
points out, it can be a bit of a footgun if used carelessly.
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2009-06-29 17:33:07 | Re: pg_restore -t table concerns |
| Previous Message | Tom Lane | 2009-06-29 17:25:03 | Re: pg_restore -t table concerns |