Re: [PATCH] DefaultACLs

From: Petr Jelinek <pjmodos(at)pjmodos(dot)net>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jan Urban'ski <wulczer(at)wulczer(dot)org>, Josh Berkus <josh(at)agliodbs(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [PATCH] DefaultACLs
Date: 2009-10-02 16:53:58
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

Petr Jelinek napsal(a):
> Robert Haas napsal(a):
>> I'm going to reiterate what I suggested upthread... let's let the
>> default, global default ACL contain the hard-wired privileges, instead
>> of making them hardwired. Then your objects will get those privileges
>> not because they are hard-wired, but because you haven't changed your
>> global default ACL to not contain them.
> That's somewhat how I implemented it although not just on global level
> but in any single filter, what we now have as defaults (before this
> patch) is used as template for default acls and you can revoke it. You
> just can't revoke anything you granted anywhere in the default acls chain.

Reminds me I forgot to adjust the docs. Attached patch fixes that (no
other changes).

Petr Jelinek (PJMODOS)

Attachment Content-Type Size
defacl-2009-10-02.diff.gz application/x-tar 21.8 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2009-10-02 16:58:29 Re: latest hstore patch
Previous Message David E. Wheeler 2009-10-02 16:47:21 Re: latest hstore patch