From: | Petr Jelinek <pjmodos(at)pjmodos(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Jan Urbański <wulczer(at)wulczer(dot)org>, Josh Berkus <josh(at)agliodbs(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [PATCH] DefaultACLs |
Date: | 2009-09-28 18:28:05 |
Message-ID: | 4AC10035.6000505@pjmodos.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Tom Lane wrote:
> Petr Jelinek <pjmodos(at)pjmodos(dot)net> writes:
>
>> [ latest version of DefaultACLs patch ]
>>
>
> I started looking through this patch, but found that it's not nearly
> ready to commit :-(. The big missing piece is that there's no pg_dump
> support for default ACLs. That's a bigger chunk of code than I have
> time/interest to write, and I don't think I want to commit the feature
> without it. (I'm willing to commit without tab completion or any
> psql \d command to show the defaults, but pg_dump just isn't optional.)
>
Yeah I completely forgot about pg_dump just like I did with anonymous
code blocks :-(
> There is another large problem, too. The patch seems to have
> only half-baked support for global defaults (those not tied to a
> specific schema) --- it looks like you can put them in, but half
> of the code will ignore them or else fail while trying to use them.
> This isn't just a matter of a few missed cases while coding, I think.
> The generic issue that the code doesn't even think about addressing
> is which default should apply when there's potentially more than one
> applicable default? As long as there's only global and per-schema
> defaults, it's not too hard to decide that the latter take precedence
> over the former; but I have no idea what we're going to do in order
> to add any other features. This seems like a sufficiently big
> conceptual issue that it had better be resolved now, even if the first
> version of the patch doesn't really need to deal with it.
>
Half of the code will ignore them ? They are ignored if schema specific
defaults were set.
Yes I haven't tried to solve the problem of having non-hierarchical
filters for defaults and if we require that then this patch is dead for
(at least) this commitfest, because at the moment I don't even know
where to begin solving this.
> Also, the GRANT DEFAULT PRIVILEGES thing just seems completely bizarre,
> and I'm not convinced it has a sufficient use-case to justify such a
> strange wart on GRANT. I think we should drop it. Or at least it needs
> to be proposed and discussed as a separate feature. Maybe it would seem
> less strange if the syntax was "RESET PRIVILEGES ON object".
>
I vote for dropping it then.
--
Regards
Petr Jelinek (PJMODOS)
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2009-09-28 18:32:21 | Re: syslog_line_prefix |
Previous Message | Alvaro Herrera | 2009-09-28 18:13:52 | Re: syslog_line_prefix |