| From: | kevin brintnall <kbrint(at)rufus(dot)net> |
|---|---|
| To: | William ZHANG <uniware(at)zedware(dot)org> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: GRANT/REVOKE: Allow column-level privileges |
| Date: | 2006-01-29 19:30:23 |
| Message-ID: | 20060129193023.GA39448@rufus.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Jan 26, 2006 at 10:25:40PM +0800, William ZHANG wrote:
>
> I think we should pay attention to the sematic of table privs and column
> privs.
> Here is some examples.
>
> 1. role1 GRANT table priviledge SELECT on table S to role2.
> role1 REVOKE column priviledge SELECT on column S(SNO) from role2.
As I understand the SQL spec, the first (table-level) GRANT you specified
would be equivalent to repeating an appropriate column-level GRANT for
every column of S. My thought was to check the column privs and apply
this logic:
if user matches an acl for the column
.. and priv is granted, then permit
.. else priv is not granted, reject
else fall through to table privileges
> 2. deal with circles in GRANT graph.
Can you give an examle for how this is any different for column-level
GRANTs?
--
kevin brintnall =~ <kbrint(at)rufus(dot)net>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jonah H. Harris | 2006-01-29 20:12:11 | Re: Want to add to contrib.... xmldbx |
| Previous Message | Tony Caduto | 2006-01-29 19:24:38 | Re: Question about postgresql-8.1.2-1-binaries-no-installer.zip(win32) |