From: | Vik Fearing <vik(at)postgresfriends(dot)org> |
---|---|
To: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Setting ACL |
Date: | 2020-03-03 17:48:10 |
Message-ID: | 92b32615-e775-a21e-701e-573191f93822@postgresfriends.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
I have a few questions about setting acl on SQL level.
Is it safe to do something like
UPDATE pg_class SET relacl = $1 WHERE oid = $2;
?
I don't think it is because ExecGrant_* call updateAclDependencies after
they do the update and my own update would not do that. But is it safe
to do my update if I'm not touching anything in pg_global?
If it is not safe, is there any point in keeping around makeaclitem()?
I see no use for it except for manually setting an acl column like
above, and it gives people a false sense of security (or at least it did
for me).
And finally, would there be any interest in a function like
aclset("char", oid, aclitem[]) and does this properly?
My use case is I have a simple view and a simple function that both
provide a wrapper over a table, and I want to have an event trigger that
updates their acls when the user does a GRANT/REVOKE on the base table.
--
Vik Fearing
From | Date | Subject | |
---|---|---|---|
Next Message | David Steele | 2020-03-03 17:55:38 | Re: [HACKERS] [PATCH] Generic type subscripting |
Previous Message | David Steele | 2020-03-03 17:39:03 | Re: row filtering for logical replication |