Quick Links

Re: Role Attribute Bitmask Catalog Representation

From:	Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>
To:	Andres Freund <andres(at)anarazel(dot)de>
Cc:	PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: Role Attribute Bitmask Catalog Representation
Date:	2014-11-25 17:11:46
Message-ID:	CAKRt6CQ4rSqJp8TUgaRxxHsBcCWsczfqeqdb8BN13L_Y5sTYLw@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Andres,

Thanks for the feedback.

> * int64 (C) to int8 (SQL) mapping for genbki.
>
> That definitely should be a separate patch. Which can be committed much
> earlier than the rest - even if we don't actually end up needing it for
> this feature, it's still good to have it.

Agreed. I had previously submitted this as a separate patch, but I think
it got lost in the weeds. At any rate, here is the relevant post:

http://www.postgresql.org/message-id/CAKRt6CTgJdeGFqXevrp-DizaeHmg8gNVqu8n5T=ix3JAvpwwDQ@mail.gmail.com

> > * replace all role attributes columns in pg_authid with single int64
> column
> > named rolattr.
> > * update CreateRole and AlterRole to use rolattr.
> > * update all has_*_privilege functions to check rolattr.
> > * builtin SQL function 'has_role_attribute' that takes a role oid and
> text
> > name of the attribute as input and returns a boolean.
>
> I think if we're going to do this - and I'm not yet convinced that
> that's the best route, we should add returns all permissions a user
> has. Right now that's quite easily queryable, but it won't be after
> moving everything into one column. You'd need to manually use all has_*_
> functions... Yes, you've added them already to pg_roles, but there's
> sometimes good reasons to go to pg_authid instead.
>

This is a good point. I'll start looking at this and see what I can come
up with.

An array representation was also suggested by Simon (
http://www.postgresql.org/message-id/CA+U5nMJGVdz6jX_YBJk99Nj7mWfGfVEmxtdc44LVHq64gkN8qg@mail.gmail.com).
Obviously there are pro's and con's to either approach. I'm not married to
it, but felt that a bitmask was certainly more efficient. However, I know
that an array would be more extensible given that we could envision more
than 64 role attributes. I'm uncertain if that is a potential reality or
not, but I believe it is certainly worth considering.

-Adam

--
Adam Brightwell - adam(dot)brightwell(at)crunchydatasolutions(dot)com
Database Engineer - www.crunchydatasolutions.com

In response to

Re: Role Attribute Bitmask Catalog Representation at 2014-11-25 00:11:14 from Andres Freund

Responses

Re: Role Attribute Bitmask Catalog Representation at 2014-11-25 17:15:58 from Stephen Frost
Re: Role Attribute Bitmask Catalog Representation at 2014-11-25 17:58:28 from Stephen Frost
Re: Role Attribute Bitmask Catalog Representation at 2014-11-25 23:01:20 from Adam Brightwell

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Stephen Frost	2014-11-25 17:14:11	Re: Additional role attributes && superuser review
Previous Message	Heikki Linnakangas	2014-11-25 17:11:36	Re: PITR failing to stop before DROP DATABASE