| From: | Petr Jelinek <pjmodos(at)pjmodos(dot)net> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jan Urban'ski <wulczer(at)wulczer(dot)org>, Josh Berkus <josh(at)agliodbs(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH] DefaultACLs |
| Date: | 2009-10-02 16:53:58 |
| Message-ID: | 4AC63026.2050704@pjmodos.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Petr Jelinek napsal(a):
> Robert Haas napsal(a):
>> I'm going to reiterate what I suggested upthread... let's let the
>> default, global default ACL contain the hard-wired privileges, instead
>> of making them hardwired. Then your objects will get those privileges
>> not because they are hard-wired, but because you haven't changed your
>> global default ACL to not contain them.
>
> That's somewhat how I implemented it although not just on global level
> but in any single filter, what we now have as defaults (before this
> patch) is used as template for default acls and you can revoke it. You
> just can't revoke anything you granted anywhere in the default acls chain.
Reminds me I forgot to adjust the docs. Attached patch fixes that (no
other changes).
--
Regards
Petr Jelinek (PJMODOS)
| Attachment | Content-Type | Size |
|---|---|---|
| defacl-2009-10-02.diff.gz | application/x-tar | 21.8 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2009-10-02 16:58:29 | Re: latest hstore patch |
| Previous Message | David E. Wheeler | 2009-10-02 16:47:21 | Re: latest hstore patch |