| From: | Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | brandys(at)eng3(dot)hep(dot)uiuc(dot)edu (todd brandys) |
| Cc: | scrappy(at)hub(dot)org, pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: [HACKERS] Re: New pg_pwd patch and stuff |
| Date: | 1998-01-15 21:05:54 |
| Message-ID: | 199801152105.QAA16348@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
>
> > As for the pg_privileges relation and whatnot...is this something we want
> > for v6.3 (can it be done in 2weeks?) or wait until after v6.3 is released?
>
> I don't think (realistically) that such a task could be done in two weeks. No.
> Rather, we should wait until after release 6.3, and then maybe spend some time
> debating on what the pg_privileges table should look like. After the table is
> created (the easy part), then it becomes a hunt to find all the places where
> privileges are checked and change to the code in these spot (not too bad really).
> Finally, we have to develop the code for governing column permissions (this is
> the most difficult part of the project). The query processor must be changed
> to check the permissions of each column in all commands.
>
> This would be a tall order for two weeks. Especially, to be certain that we
> had a consensus among the hacker community that what was being done was being
> done in the best way possible.
I believe doing permissions on VIEWS would be much simpler than
column-level permissions. That way, you create the view with the
columns you need, and give that to the user.
--
Bruce Momjian
maillist(at)candle(dot)pha(dot)pa(dot)us
| From | Date | Subject | |
|---|---|---|---|
| Next Message | The Hermit Hacker | 1998-01-15 21:10:37 | Re: [HACKERS] CBAC (content based access control), OIDs, auto fields |
| Previous Message | Bruce Momjian | 1998-01-15 21:03:19 | Re: [HACKERS] CBAC (content based access control), OIDs, auto fields |