|From:||Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>|
|To:||Vik Fearing <vik(at)postgresfriends(dot)org>|
|Subject:||Re: Setting ACL|
|Views:||Raw Message | Whole Thread | Download mbox | Resend email|
Vik Fearing <vik(at)postgresfriends(dot)org> writes:
> I have a few questions about setting acl on SQL level.
> Is it safe to do something like
> UPDATE pg_class SET relacl = $1 WHERE oid = $2;
> I don't think it is because ExecGrant_* call updateAclDependencies after
> they do the update and my own update would not do that. But is it safe
> to do my update if I'm not touching anything in pg_global?
Well, it'll work, but the system won't know about the role references
in this ACL item, so for instance dropping the role wouldn't make the
ACL go away. Which might cause you dump/reload issues later.
> And finally, would there be any interest in a function like
> aclset("char", oid, aclitem) and does this properly?
Not really, when GRANT is already there ...
regards, tom lane
|Next Message||David Steele||2020-03-03 18:10:26||PG14 target version?|
|Previous Message||David Steele||2020-03-03 17:55:38||Re: [HACKERS] [PATCH] Generic type subscripting|