| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
| Cc: | Andrew Sullivan <ajs(at)commandprompt(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Updates of SE-PostgreSQL 8.4devel patches |
| Date: | 2008-10-15 13:55:54 |
| Message-ID: | 200810151355.m9FDts205038@momjian.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
KaiGai Kohei wrote:
> Bruce Momjian wrote:
> > I think we could use row-level access control to prevent people from
> > seeing databases they should not see in pg_database.
>
> The row-level database ACL which I submitted yesterdat does not allow
> to assign ACLs to tuples within system catalogs (like pg_database),
> because it is unclear who should be the owner of tuples.
>
> As I noted at the previous message, it considers the owner of the table
> as the owner of the tuples due to several reasons. However, some of system
> catalogs have its owner field like "pg_proc.proowner".
> This limitation is not a fundamental one, so we can remove it soon.
>
> But, who should be the owner of tuples within system catalogs which have
> some kind of "owner" field.
The Postgres super-user should be the owner of all system tables.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Zdenek Kotala | 2008-10-15 14:01:02 | Re: Problem to get the tuple of a table |
| Previous Message | Gregory Stark | 2008-10-15 13:51:37 | Re: Cross-column statistics revisited |