Re: Privileges and inheritance

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Simon Riggs <simon(at)2ndQuadrant(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Privileges and inheritance
Date: 2009-10-05 09:30:19
Message-ID: 1254735019.25576.14.camel@fsopti579.F-Secure.com
Lists: pgsql-hackers

On Mon, 2009-10-05 at 09:22 +0100, Simon Riggs wrote:
> On Sat, 2009-10-03 at 09:45 +0300, Peter Eisentraut wrote:
>
> > We could use a GUC variable to ease the transition, perhaps like
> > sql_inheritance = no | yes_without_privileges | yes
>
> The original way of doing things was quite useful if you wanted some
> people to be able to see history and others just see recent data. I
> don't think many people are aware of or take advantage of that, so your
> proposal does simplify things for many people.

Wouldn't that look something like

data -- empty
data_recent INHERITS (data)
data_old INHERITS (data)
data_ancient INHERITS (data)

GRANT ... ON data_recent TO A
GRANT ... ON data_old TO B

I guess you could also do

data -- recent data
data_old INHERITS (data)
data_ancient INHERITS (data)

GRANT ... ON data TO A
GRANT ... ON data_old TO B

And then A, who has only access to the recent data, would always have to
use ONLY data to be able to do anything. That would be a pretty weird
setup. The workaround is to change it to the setup above, which you can
do with a few renames.
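
The second layout above and its conversion to the first, written out as an added example that is not part of the original message. It assumes the server checks privileges on every child table a parent query scans (the behaviour the message describes). The roles a and b, the column definitions and the re-parenting steps after the rename are assumptions made for illustration.

```sql
-- Constructed example: roles a and b and the columns are assumptions;
-- table names follow the message. Run as a superuser in psql.
CREATE ROLE a;
CREATE ROLE b;

-- Second layout from the message: the parent itself holds the recent rows.
CREATE TABLE data (id int, recorded date);
CREATE TABLE data_old () INHERITS (data);
CREATE TABLE data_ancient () INHERITS (data);
GRANT SELECT ON data TO a;
GRANT SELECT ON data_old TO b;

-- With privileges checked on every child a parent query scans:
SET ROLE a;
SELECT count(*) FROM data;       -- permission denied (data_old is scanned too)
SELECT count(*) FROM ONLY data;  -- allowed: reads the parent alone
RESET ROLE;

-- Convert to the first layout: an empty parent with one child per age band.
BEGIN;
ALTER TABLE data RENAME TO data_recent;     -- a's grant follows the table
CREATE TABLE data (id int, recorded date);  -- new, empty parent, no grants
ALTER TABLE data_old NO INHERIT data_recent;
ALTER TABLE data_ancient NO INHERIT data_recent;
ALTER TABLE data_recent INHERIT data;
ALTER TABLE data_old INHERIT data;
ALTER TABLE data_ancient INHERIT data;
COMMIT;

-- Each role now names its own table and no longer needs ONLY.
SET ROLE a;
SELECT count(*) FROM data_recent;  -- allowed
SELECT count(*) FROM data_old;     -- permission denied
RESET ROLE;
SET ROLE b;
SELECT count(*) FROM data_old;     -- allowed
RESET ROLE;

-- Audit: who holds SELECT on each table in the hierarchy.
SELECT table_name, grantee FROM information_schema.table_privileges
WHERE table_name LIKE 'data%' AND privilege_type = 'SELECT' ORDER BY 1, 2;
```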
