| From: | Zeugswetter Andreas SB <ZeugswetterA(at)wien(dot)spardat(dot)at> |
|---|---|
| To: | "'Tom Lane'" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | AW: Reimplementing permission checks for rules |
| Date: | 2000-09-29 17:19:42 |
| Message-ID: | 11C1E6749A55D411A9670001FA687963368099@sdexcsrv1.f000.d0188.sd.spardat.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> What I'm thinking about doing is eliminating the "skipAcl" RTE field
> and instead adding an Oid field named something like "checkAclAs".
> The semantics of this field would be "if zero, check access
> permissions
> for this table using the current effective userID; but if not zero,
> check access permissions as if you are this userID". Then the rule
> rewriter would do no access permission checks of its own, but would
> set this field appropriately in RTEs that it adds to queries. All the
> actual permissions checking would happen in one place in the executor.
>
> Comments? Is this a general enough mechanism, and does it fit well
> with the various setUID tricks that people are thinking about?
Sounds good, and a step in the right direction.
Andreas
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2000-09-29 17:24:44 | New unified regression test driver |
| Previous Message | Peter Eisentraut | 2000-09-29 17:04:36 | Re: Database log |