From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Removing pg_pltemplate and creating "trustable" extensions |
Date: | 2020-01-06 18:27:47 |
Message-ID: | 8636.1578335267@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> On Thu, Nov 7, 2019 at 2:13 PM Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>> I do not agree that we should just shift to using default roles instead
>> of adding new options to GRANT because of an entirely internal
>> implementation detail that we could fix (and should, as I've said for
>> probably 10 years now...).
> +1.
> I'm not sure that Tom's latest design idea is a bad one, but I
> strongly suspect that wrapping ourselves around the axle to work
> around our unwillingness to widen a 16-bit quantity to 32 bits (or a
> 32 bit quantity to 64 bits) is a bad idea. Perhaps there are also
> design ideas that we should consider, like separating "basic"
> privileges and "extended" privileges or coming up with some altogether
> new and better representation. But limiting ourselves to 4 more
> privileges ever cannot be the right solution.
So, is that actually an objection to the current proposal, or just
an unrelated rant?
If we think that a privilege bit on databases can actually add something
useful to this design, the fact that it moves us one bit closer to needing
to widen AclMode doesn't seem like a serious objection. But I don't
actually see what such a bit will buy for this purpose. A privilege bit
on a database is presumably something that can be granted or revoked by
the database owner, and I do not see that we want any such behavior for
extension installation privileges.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2020-01-06 18:39:35 | Re: could not access status of transaction |
Previous Message | Pavel Stehule | 2020-01-06 18:08:23 | Re: proposal: minscale, rtrim, btrim functions for numeric |