Re: Copying Permissions

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Corey Huinker <corey(dot)huinker(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Copying Permissions
Date: 2016-11-10 14:45:32
Message-ID: 20161110144532.GE13284@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Corey,

* Corey Huinker (corey(dot)huinker(at)gmail(dot)com) wrote:
> I think allowing users to receive and send serialized relacl values (which
> is what I *think* you're asking about here) is only slightly less icky, and

That isn't actually what I was suggesting.

> presents a backward compatibility issue. Those issues go away if the ACL is
> contained in an existing object, or exists only for the life of a
> statement. In which case I think you're suggesting something like this:

Right- an existing 'object'.

What I was suggesting is that we have, for lack of a better word,
'profiles'- which are essentially complete, named, aclitem arrays. That
way, we aren't tying this to an existing object in the system but rather
making it a top-level object on its own, in a manner akin to how the
default privileges system contains acitem arrays which are not
associated with an object.

Consider:

CREATE PROFILE joe_select GRANT SELECT ON TABLES TO joe;
ALTER DEFAULT PRIVILEGES IN SCHEMA joes PROFILE joe_select;
ALTER TABLE joe SET PROFILE joe_select;

etc.

The other question this brings up, as I think I mentioned before, is
this: is this a one-time copy of that 'profile'? What if the profile
is later changed?

For my 2c, I kind of like the idea that an update to the profile would
cause the privileges to be effectivly changed for all objects using that
profile, though that may mean we end up with a different kind of
implementation than what you proposed of just copying the relacl.

Generally speaking, setting a profile should be the purview of the owner
of the object, imv. We would also have to consider if objects can have
both a profile and independently granted accesses. I'm thinking the
answer to that is probably 'yes'.

Thanks!

Stephen

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Mithun Cy 2016-11-10 14:59:45 Re: Patch: Implement failover on libpq connect level.
Previous Message Tom Lane 2016-11-10 14:44:00 Re: Bug in comparison of empty jsonb arrays to scalars