From: | Gevik Babakhani <pgdev(at)xs4all(dot)nl> |
---|---|
To: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
Cc: | pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Subject: | Re: TODO Item: ACL_CONNECT |
Date: | 2006-04-24 14:05:36 |
Message-ID: | 1145887536.12809.58.camel@voyager.truesoftware.net |
Lists: | pgsql-hackers |
> Ok, good. This is what people were aiming for initially, I hope. What
> do people think, particularly those who wanted to manage pg_hba.conf via
> SQL commands?
I guess for this one more people have to play with the new
functionality.
> Without looking at the surrounding code, I'm a bit wary of the fact that
> in ReverifyMyDatabase, pg_database_aclcheck is called with GetUserId()
> but the error message is emitted with the user_name that was passed as
> parameter instead. The inconsistency could prove painful in the future;
> maybe it's OK, but if it is, you should declare it in the surrounding
> comments.
I have added a proper comment for that.
-------------------------------------
I guess the next step is to check for the last ACL_CONNECT privilege as
discussed below.
> At this moment the owner of the database CAN REVOKE himself from the
> ACL_OBJECT_DATABASE. If the implementation above is acceptable then I
> can work on this one :)
Hmm, what do you want to do about it? ISTM the owner should be able to
revoke the privilege from himself ... (Maybe we could raise a WARNING
whenever anyone revokes the last CONNECT privilege to a database, so
that he can GRANT it to somebody before disconnecting.)