Skip site navigation (1) Skip section navigation (2)

Re: [PATCH] DefaultACLs

From: Petr Jelinek <pjmodos(at)pjmodos(dot)net>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jan Urbański <wulczer(at)wulczer(dot)org>, Josh Berkus <josh(at)agliodbs(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [PATCH] DefaultACLs
Date: 2009-09-29 07:56:20
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
Stephen Frost napsal(a):
> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>>> One potential trouble spot is that presumably the built-in default
>>> privileges (eg, PUBLIC EXECUTE for functions) would *not* cumulate
>>> with user-specified defaults.
>> Why not?
> How would you have a default that says "I *don't* want public execute on
> my new functions"?

This is actually problem that applies to whole Robert's proposal. How 
would you define you don\t want insert on new tables in schema when you 
granted it for whole database. I don't think any kind of mixing of 
different default privileges is a good idea. I was thinking about 
rejecting creation of conflicting default privileges but that would be 
impossible to detect before object creation which is too late.

Petr Jelinek (PJMODOS)

In response to

pgsql-hackers by date

Next:From: Dave PageDate: 2009-09-29 07:57:35
Subject: Re: pg_hba.conf: samehost and samenet [REVIEW]
Previous:From: Petr JelinekDate: 2009-09-29 07:42:58
Subject: Re: [PATCH] DefaultACLs

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group