Re: [PATCH] Largeobject access controls

From: KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: [PATCH] Largeobject access controls
Date: 2009-08-28 15:40:56
Message-ID: 4A97FA88.8000201@kaigai.gr.jp
Lists: pgsql-hackers

>>>> The CREATE USER/ROLE statement got a new option: LARGEOBJECT/NOLARGEOBJECT.
>>>> It enables control of whether the user can create a largeobject or not.
>>> I don't think this is necessary or appropriate.
>
>> What should control privilege to create a new largeobject?
>> Or, it implicitly allows everyone to create a new one?
>
> We have not had any requests to keep people from creating LOs, so I
> think we can just implicitly allow everyone. If we were going to try
> to manage it, I don't think a role attribute is a very good solution.
> It's not grantable or inheritable, it can't be managed per-database,
> etc. So I'd leave this out until there's some popular demand.

OK, I'll keep the current behavior (it allows everyone to create it).

BTW, currently, the default ACL of largeobject allows anything for owner
and nothing for world. Do you have any comment on the default behavior?

Thanks,
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
