From: | Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com> |
---|---|
To: | Andres Freund <andres(at)anarazel(dot)de> |
Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Role Attribute Bitmask Catalog Representation |
Date: | 2014-11-25 17:11:46 |
Message-ID: | CAKRt6CQ4rSqJp8TUgaRxxHsBcCWsczfqeqdb8BN13L_Y5sTYLw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Andres,
Thanks for the feedback.
> * int64 (C) to int8 (SQL) mapping for genbki.
>
> That definitely should be a separate patch. Which can be committed much
> earlier than the rest - even if we don't actually end up needing it for
> this feature, it's still good to have it.
Agreed. I had previously submitted this as a separate patch, but I think
it got lost in the weeds. At any rate, here is the relevant post:
> > * replace all role attributes columns in pg_authid with single int64
> column
> > named rolattr.
> > * update CreateRole and AlterRole to use rolattr.
> > * update all has_*_privilege functions to check rolattr.
> > * builtin SQL function 'has_role_attribute' that takes a role oid and
> text
> > name of the attribute as input and returns a boolean.
>
> I think if we're going to do this - and I'm not yet convinced that
> that's the best route, we should add returns all permissions a user
> has. Right now that's quite easily queryable, but it won't be after
> moving everything into one column. You'd need to manually use all has_*_
> functions... Yes, you've added them already to pg_roles, but there's
> sometimes good reasons to go to pg_authid instead.
>
This is a good point. I'll start looking at this and see what I can come
up with.
An array representation was also suggested by Simon (
http://www.postgresql.org/message-id/CA+U5nMJGVdz6jX_YBJk99Nj7mWfGfVEmxtdc44LVHq64gkN8qg@mail.gmail.com)
Obviously there are pro's and con's to either approach. I'm not married to
it, but felt that a bitmask was certainly more efficient. However, I know
that an array would be more extensible given that we could envision more
than 64 role attributes. I'm uncertain if that is a potential reality or
not, but I believe it is certainly worth considering.
-Adam
--
Adam Brightwell - adam(dot)brightwell(at)crunchydatasolutions(dot)com
Database Engineer - www.crunchydatasolutions.com
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2014-11-25 17:14:11 | Re: Additional role attributes && superuser review |
Previous Message | Heikki Linnakangas | 2014-11-25 17:11:36 | Re: PITR failing to stop before DROP DATABASE |