From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Vik Fearing <vik(at)postgresfriends(dot)org> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Setting ACL |
Date: | 2020-03-03 18:25:30 |
Message-ID: | 7262.1583259930@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Vik Fearing <vik(at)postgresfriends(dot)org> writes:
> Ok, so not safe. Should we remove makeaclitem() then?
Well, I wouldn't recommend poking values into an ACL with it,
but it seems like it has potential use in queries too, say
select * from pg_class
where makeaclitem('joe'::regrole, 'bob'::regrole, 'select', false) = any(relacl);
However, that certainly leaves a lot to be desired because
in practical cases you wouldn't only be interested in
exact matches. I suppose the has_foo_privilege series of
functions would cover some of that territory though.
> So I have to manually do a diff of the two acls and generate
> GRANT/REVOKE statements? That's not encouraging. :(
The case of just blindly copying one object's ACL to another
object seems kind of limited. I could see providing some more
general facility for that sort of operation, but I'm not quite
sure what it should look like.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Alvaro Herrera | 2020-03-03 18:29:26 | Re: Symbolic names for the values of typalign and typstorage |
Previous Message | Vik Fearing | 2020-03-03 18:13:04 | Re: Setting ACL |