Re: column level privileges

From: sanjay sharma <sanksh(at)hotmail(dot)com>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: column level privileges
Date: 2008-04-03 00:21:42
Message-ID: BAY116-W13D8CA8A191B5F0B58CE86C3F70@phx.gbl
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers


It would be great help to me, and I am sure for many other people too who are working with security solutions, if this feature is released as patch before 8.4 release.

Sanjay Sharma> Date: Tue, 1 Apr 2008 22:02:30 -0400> From: andrew(at)dunslane(dot)net> To: sanksh(at)hotmail(dot)com> CC: pgsql-hackers(at)postgresql(dot)org> Subject: Re: [HACKERS] column level privileges> > > > The earliest will be 8.4, which is many many months away.> > It should be possible to produce a patch for 8.3 if you're interested.> > cheers> > andrew> > sanjay sharma wrote:> > Hello Andrew,> > > > When do you expect this patch to go in production and available for > > public use? I would keep an eye for its release.> > > > Sanjay Sharma> >> > > Date: Tue, 1 Apr 2008 18:40:24 -0400> > > From: andrew(at)dunslane(dot)net> > > To: pgsql-hackers(at)postgresql(dot)org> > > Subject: [HACKERS] column level privileges> > >> > >> > > Apologies if this gets duplicated - original seems to have been dropped> > > due to patch size - this time I am sending it gzipped.> > >> > > cheers> > >> > > andrew> > >> > > -------- Original Message --------> > > Subject: column level privileges> > > Date: Tue, 01 Apr 2008 08:32:25 -0400> > > From: Andrew Dunstan <andrew(at)dunslane(dot)net>> > > To: Patches (PostgreSQL) <pgsql-patches(at)postgresql(dot)org>> > >> > >> > >> > > This patch by Golden Lui was his work for the last Google SoC. I was > > his> > > mentor for the project. I have just realised that he didn't send his> > > final patch to the list.> > >> > > I guess it's too late for the current commit-fest, but it really needs> > > to go on a patch queue (my memory on this was jogged by Tom's recent> > > mention of $Subject).> > >> > > I'm going to see how much bitrot there is and see what changes are> > > necessary to get it to apply.> > >> > > cheers> > >> > > andrew> > >> > >> > > -------------> > > Here is a README for the whole patch.> > >> > > According to the SQL92 standard, there are four levels in the privilege> > > hierarchy, i.e. database, tablespace, table, and column. Most > > commercial> > > DBMSs support all the levels, but column-level privilege is hitherto> > > unaddressed in the PostgreSQL, and this patch try to implement it.> > >> > > What this patch have done:> > > 1. The execution of GRANT/REVOKE for column privileges. Now only> > > INSERT/UPDATE/REFERENCES privileges are supported, as SQL92 specified.> > > SELECT privilege is now not supported. This part includes:> > > 1.1 Add a column named 'attrel' in pg_attribute catalog to store> > > column privileges. Now all column privileges are stored, no matter> > > whether they could be implied from table-level privilege.> > > 1.2 Parser for the new kind of GRANT/REVOKE commands.> > > 1.3 Execution of GRANT/REVOKE for column privileges. Corresponding> > > column privileges will be added/removed automatically if no column is> > > specified, as SQL standard specified.> > > 2. Column-level privilege check.> > > Now for UPDATE/INSERT/REFERENCES privilege, privilege check will be> > > done ONLY on column level. Table-level privilege check was done in the> > > function InitPlan. Now in this patch, these three kind of privilege are> > > checked during the parse phase.> > > 2.1 For UPDATE/INSERT commands. Privilege check is done in the> > > function transformUpdateStmt/transformInsertStmt.> > > 2.2 For REFERENCES, privilege check is done in the function> > > ATAddForeignKeyConstraint. This function will be called whenever a> > > foreign key constraint is added, like create table, alter table, etc.> > > 2.3 For COPY command, INSERT privilege is check in the function> > > DoCopy. SELECT command is checked in DoCopy too.> > > 3. While adding a new column to a table using ALTER TABLE command, set> > > appropriate privilege for the new column according to privilege already> > > granted on the table.> > > 4. Allow pg_dump and pg_dumpall to dump in/out column privileges.> > > 5. Add a column named objsubid in pg_shdepend catalog to record ACL> > > dependencies between column and roles.> > > 6. modify the grammar of ECPG to support column level privileges.> > > 7. change psql's \z (\dp) command to support listing column privileges> > > for tables and views. If \z(\dp) is run with a pattern, column> > > privileges are listed after table level privileges.> > > 8. Regression test for column-level privileges. I changed both> > > privileges.sql and expected/privileges.out, so regression check is now> > > all passed.> > >> > > Best wishes> > > Dong> > > --> > > Guodong Liu> > > Database Lab, School of EECS, Peking University> > > Room 314, Building 42, Peking University, Beijing, 100871, China> > >> > >> >> >> > ------------------------------------------------------------------------> > Exclusive Marriage Proposals! Find UR life partner at Shaadi.com Try > > it! <http://ss1.richmedia.in/recurl.asp?pid=430>> > -- > Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)> To make changes to your subscription:> http://www.postgresql.org/mailpref/pgsql-hackers
_________________________________________________________________
Tried the new MSN Messenger? It’s cool! Download now.
http://messenger.msn.com/Download/Default.aspx?mkt=en-in

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Bruce Momjian 2008-04-03 00:33:16 Re: [PATCHES] psql slash# command
Previous Message Andrew Dunstan 2008-04-03 00:15:49 Re: modules