From: | Jim Nasby <Jim(dot)Nasby(at)BlueTreble(dot)com> |
---|---|
To: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>, Joel Jacobson <joel(at)trustly(dot)com> |
Cc: | Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: GRANT EXECUTE ON FUNCTION foo() TO bar(); |
Date: | 2017-02-22 14:58:42 |
Message-ID: | c2921ffd-ae90-7808-4394-93113245256f@BlueTreble.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 2/22/17 2:51 AM, Pavel Stehule wrote:
> The solution based on rights is elegant, but in this moment I cannot to
> see all possible impacts on performance - because it means new check for
> any call of any function. Maybe checking call stack can be good enough -
> I have not idea how often use case it it.
I think the simple solution to that is not to use proacl for this
purpose but to add an oidvector to pg_proc that is a list of allowed
callers. If the vector is kept sorted then it's a simple binary search.
BTW, I agree that this feature would be useful, as would PRIVATE, but
they're two separate features.
--
Jim Nasby, Data Architect, Blue Treble Consulting, Austin TX
Experts in Analytics, Data Architecture and PostgreSQL
Data in Trouble? Get it in Treble! http://BlueTreble.com
855-TREBLE2 (855-873-2532)
From | Date | Subject | |
---|---|---|---|
Next Message | Jim Nasby | 2017-02-22 15:06:38 | Re: Replication vs. float timestamps is a disaster |
Previous Message | Fabien COELHO | 2017-02-22 14:43:34 | Re: [PATCH] Suppress Clang 3.9 warnings |