From: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [PATCH] Largeobject access controls |
Date: | 2009-08-28 15:15:44 |
Message-ID: | 4A97F4A0.3040507@kaigai.gr.jp |
Lists: | pgsql-hackers |
Tom Lane wrote:
> KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> writes:
>> The attached patch provides access control features on largeobject.
>> This patch adds the ownership and two permissions (SELECT and UPDATE) on
>> largeobjects. The two permissions control reader and writer accesses to
>> the largeobjects.
>
> What about DELETE permissions? Should we track that separately from
> UPDATE?
PostgreSQL checks ownership of the database object when a user tries to
drop it. This patch also adds pg_largeobject_ownercheck() on lo_unlink().
>> The CREATE USER/ROLE statement got a new option: LARGEOBJECT/NOLARGEOBJECT.
>> It controls whether the user can create a largeobject or not.
>
> I don't think this is necessary or appropriate.
What should control the privilege to create a new largeobject?
Or does it implicitly allow everyone to create a new one?
>> The pg_largeobject system catalog is reworked to manage its metadata.
>> Actual data chunks are stored in the toast relation of pg_largeobject,
>
> This seems like a very confusing design, and one that (a) breaks
> existing code to no purpose, (b) will greatly complicate in-place
> upgrade. Instead of abusing a toast relation to do something
> nonstandard, keep pg_largeobject as it is now and add a new, separate
> catalog that carries ownership and permissions info for each LO OID.
It was the original design just before the first commit fest. :-)
I don't have any reason to oppose it.
Thanks,
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>