From: | Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | jwieck(at)debis(dot)com |
Cc: | scrappy(at)hub(dot)org, pgsql-hackers(at)postgreSQL(dot)org |
Subject: | Re: [HACKERS] pg_user "sealed" |
Date: | 1998-02-23 20:15:01 |
Message-ID: | 199802232015.PAA05978@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
> Since you changed ACL_WORLD_DEFAULT to ACL_NO too, there are
> now problems on \d <table> (pg_attribute: Permission denied).
> And thus I expect more problems. I think users should have
> SELECT permission on non-critical system catalogs by default.
>
> But I don't think that setting explicit GRANT's on all the
> system catalogs is a good thing. Due to the ACL parsing I
> would expect some loss of performance.
>
> So if the relname is given to acldefault() in
> utils/adt/acl.c, it can do a IsSystemRelationName() on it and
> return ACL_RD instead of ACL_WORLD_DEFAULT.
Nice solution.
--
Bruce Momjian | 830 Blythe Avenue
maillist(at)candle(dot)pha(dot)pa(dot)us | Drexel Hill, Pennsylvania 19026
+ If your life is a hard drive, | (610) 353-9879(w)
+ Christ can be your backup. | (610) 853-3000(h)
From | Date | Subject | |
---|---|---|---|
Next Message | ocie | 1998-02-23 20:15:11 | Re: pl/{perl,pgsql} (was Re: AW: [HACKERS] triggers, views and ru |
Previous Message | Jan Wieck | 1998-02-23 20:13:51 | Re: [HACKERS] Re: [COMMITTERS] 'pgsql/src/bin/initdb initdb.sh' |