Quick Links

Re: [v9.2] sepgsql's DROP Permission checks

From:	Robert Haas <robertmhaas(at)gmail(dot)com>
To:	Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>
Cc:	PgHacker <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: [v9.2] sepgsql's DROP Permission checks
Date:	2012-01-19 01:34:13
Message-ID:	CA+TgmobYv7U8ktj6+LsjODKf=jhfWsGSf9RvyKcc4zUvpKjjOw@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Wed, Jan 18, 2012 at 9:50 AM, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp> wrote:
> In sepgsql side, it determines a case to apply permission checks
> according to the contextual information; that is same technique
> when we implemented create permission.
> Thus, it could checks db_xxx:{drop} permission correctly.

Why do we need the contextual information in this case? Why
can't/shouldn't the decision be made solely on the basis of what
object is targeted?

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

In response to

Re: [v9.2] sepgsql's DROP Permission checks at 2012-01-18 14:50:07 from Kohei KaiGai

Responses

Re: [v9.2] sepgsql's DROP Permission checks at 2012-01-19 08:51:50 from Kohei KaiGai

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Noah Misch	2012-01-19 02:11:35	Re: foreign key locks, 2nd attempt
Previous Message	Noah Misch	2012-01-19 00:01:05	Re: Measuring relation free space