Re: [PATCH] DefaultACLs

From: Petr Jelinek <pjmodos(at)pjmodos(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Jan Urbański <wulczer(at)wulczer(dot)org>, Josh Berkus <josh(at)agliodbs(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [PATCH] DefaultACLs
Date: 2009-09-28 18:28:05
Message-ID: 4AC10035.6000505@pjmodos.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Tom Lane wrote:
> Petr Jelinek <pjmodos(at)pjmodos(dot)net> writes:
>
>> [ latest version of DefaultACLs patch ]
>>
>
> I started looking through this patch, but found that it's not nearly
> ready to commit :-(. The big missing piece is that there's no pg_dump
> support for default ACLs. That's a bigger chunk of code than I have
> time/interest to write, and I don't think I want to commit the feature
> without it. (I'm willing to commit without tab completion or any
> psql \d command to show the defaults, but pg_dump just isn't optional.)
>

Yeah I completely forgot about pg_dump just like I did with anonymous
code blocks :-(

> There is another large problem, too. The patch seems to have
> only half-baked support for global defaults (those not tied to a
> specific schema) --- it looks like you can put them in, but half
> of the code will ignore them or else fail while trying to use them.
> This isn't just a matter of a few missed cases while coding, I think.
> The generic issue that the code doesn't even think about addressing
> is which default should apply when there's potentially more than one
> applicable default? As long as there's only global and per-schema
> defaults, it's not too hard to decide that the latter take precedence
> over the former; but I have no idea what we're going to do in order
> to add any other features. This seems like a sufficiently big
> conceptual issue that it had better be resolved now, even if the first
> version of the patch doesn't really need to deal with it.
>

Half of the code will ignore them ? They are ignored if schema specific
defaults were set.
Yes I haven't tried to solve the problem of having non-hierarchical
filters for defaults and if we require that then this patch is dead for
(at least) this commitfest, because at the moment I don't even know
where to begin solving this.

> Also, the GRANT DEFAULT PRIVILEGES thing just seems completely bizarre,
> and I'm not convinced it has a sufficient use-case to justify such a
> strange wart on GRANT. I think we should drop it. Or at least it needs
> to be proposed and discussed as a separate feature. Maybe it would seem
> less strange if the syntax was "RESET PRIVILEGES ON object".
>

I vote for dropping it then.

--
Regards
Petr Jelinek (PJMODOS)

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2009-09-28 18:32:21 Re: syslog_line_prefix
Previous Message Alvaro Herrera 2009-09-28 18:13:52 Re: syslog_line_prefix