| From: | "A(dot)M(dot)" <agentm(at)themactionfaction(dot)com> |
|---|---|
| To: | PostgreSQL General <pgsql-general(at)postgresql(dot)org> |
| Subject: | Using aclitem[] at application layer |
| Date: | 2011-01-10 23:51:27 |
| Message-ID: | 6A7619AE-6BD2-4E6E-B04C-3F2D49833933@themactionfaction.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hello,
In an attempt to implement ACLs at the application layer (for resources stored outside of the database), I am evaluating using aclitem[] as a column type. All the functions I would need seem to be in place: aclcontains, aclexplode, aclinsert, aclitemeq, aclitemin, aclitemout, aclremove, but they are conspicuously missing from the documentation (http://www.mail-archive.com/pgsql-patches(at)postgresql(dot)org/msg03400.html), so I wonder if there are any caveats or hurdles which would make me consider writing my own type.
From a cursory examination, it looks like the limitations would be:
1) roles must refer to postgresql roles (that's fine for my case)
2) permission options are hardcoded to "arwdDxtXUCTc" (not so great)
Are there any other problems I would encounter?
Cheers,
M
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2011-01-11 00:21:18 | Re: Using aclitem[] at application layer |
| Previous Message | Craig Ringer | 2011-01-10 23:25:59 | Re: migrate hashname function from 8.1.x to 8.4 |