Setting ACL

From: Vik Fearing <vik(at)postgresfriends(dot)org>
To: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Setting ACL
Date: 2020-03-03 17:48:10
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

I have a few questions about setting acl on SQL level.

Is it safe to do something like
UPDATE pg_class SET relacl = $1 WHERE oid = $2;

I don't think it is because ExecGrant_* call updateAclDependencies after
they do the update and my own update would not do that. But is it safe
to do my update if I'm not touching anything in pg_global?

If it is not safe, is there any point in keeping around makeaclitem()?
I see no use for it except for manually setting an acl column like
above, and it gives people a false sense of security (or at least it did
for me).

And finally, would there be any interest in a function like
aclset("char", oid, aclitem[]) and does this properly?

My use case is I have a simple view and a simple function that both
provide a wrapper over a table, and I want to have an event trigger that
updates their acls when the user does a GRANT/REVOKE on the base table.
Vik Fearing


Browse pgsql-hackers by date

  From Date Subject
Next Message David Steele 2020-03-03 17:55:38 Re: [HACKERS] [PATCH] Generic type subscripting
Previous Message David Steele 2020-03-03 17:39:03 Re: row filtering for logical replication