| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Zeugswetter Andreas SB <ZeugswetterA(at)wien(dot)spardat(dot)at> |
| Cc: | "'PostgreSQL Development'" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: AW: AW: Proposal for enhancements of privilege system |
| Date: | 2000-06-02 00:37:12 |
| Message-ID: | Pine.LNX.4.21.0006011540070.372-100000@localhost.localdomain |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Zeugswetter Andreas SB writes:
> Again Hmm ? Are you going to do select * from <authtable> where pri="select"
> or some such ? Usually you look up a users rights for a specific table,
> and that needs to be fast.
Exactly, that's why I have to do it like this. To interface a system
catalog to the shared cache you need a primary key, which would be
(object, user, action) in my proposal. With that setup I can easily make
queries of the sort "does user X have select right on table Y" as fast as
possible, no slower than, say, looking up an attribute definition in
pg_attribute.
With several privileges per row you make the table unnecessarily sparse,
you make interfacing to the catalog cache a nightmare, and you create all
sorts of funny implementation problems (for example, revoking a privilege
might be an update or a delete, depending on whether it was the last
privilege revoked).
--
Peter Eisentraut Sernanders väg 10:115
peter_e(at)gmx(dot)net 75262 Uppsala
http://yi.org/peter-e/ Sweden
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2000-06-02 00:43:35 | Re: config files in /data |
| Previous Message | Peter Eisentraut | 2000-06-02 00:37:06 | Re: config files in /data |