| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
| Cc: | Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Gregory Stark <stark(at)enterprisedb(dot)com>, Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, Bruce Momjian <bruce(at)momjian(dot)us>, Joshua Brindle <method(at)manicmethod(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, PG Hackers <pgsql-hackers(at)postgresql(dot)org>, Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec> |
| Subject: | Re: Updates of SE-PostgreSQL 8.4devel patches (r1710) |
| Date: | 2009-03-12 01:22:45 |
| Message-ID: | 603c8f070903111822n527359dfwfac6c1e7b664c639@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> * ACL_INSERT
> The db_table:{insert} and db_column:{insert} for all the target
> columns are checked. The table-level permission does not override
> column-level permission, so the client need to have privileges
> for both of objects. It is same as other permissions.
>
> * ACL_SELECT
> The db_table:{select} and db_column:{select} for all the target
> columns are checked.
> But it applies db_table:{lock} on LockTableCommand().
>
> * ACL_UPDATE
> The db_table:{update} and db_column:{update} for all the target
> columns are checked.
>
> * ACL_DELETE
> The db_table:{delete} is also checked. No column-level checks here.
I'm more or less with you up to this point.
> * ACL_TRUNCATE
> The db_table:{delete} is also checked.
> SE-PostgreSQL does not discriminate between TRUNCATE and DELETE.
But this seems wrong.
> * ACL_REFERENCES
> * ACL_TRIGGER
> SE-PostgreSQL does not care about these privileges.
> But, it checks db_procedure:{execute} on trigger invocation time,
> and it also checks db_table:{select} on checks of FK constraint
> within its secondary SQL execution.
And so do these. Why should there be any asymmetry with regular
PostgreSQL here?
> * ACL_EXECUTE
> The db_procedure:{execute} is also checked.
> This check is embedded within pg_proc_ackcheck().
Good...
> * ACL_USAGE
> * ACL_CREATE
> * ACL_CREATE_TEMP
> SE-PostgreSQL does not care about there privileges.
Again, there doesn't seem to be any reason for this asymmetry. I
think you should change it.
...Robert
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2009-03-12 01:28:25 | parallel restore item dependencies |
| Previous Message | Tom Lane | 2009-03-12 01:21:08 | Re: Should SET ROLE inherit config params? |