Column-Level Privileges

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: pgsql-hackers(at)postgresql(dot)org
Cc: Markus Wanner <markus(at)bluegap(dot)ch>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>
Subject: Column-Level Privileges
Date: 2009-01-16 04:58:25
Message-ID: 20090116045825.GY4656@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

All,

Attached is an updated patch for column-level privileges. This is a
very minor change to use get_rel_name(), so the main point of this is
to update the general community on the status of the patch. It was
pointed out to me that some folks havn't been able to follow along and
so aren't sure of the status.

Overall, I feel this patch is definitely ready for another review.
Markus, Alvaro, as the official CommitFest Reviewers, I'd really like
your feedback on this version. Comments are welcome from others too,
of course.

Changes since the November patch:

- column-level privileges are now respected during JOINs, including
NATURAL JOINs and JOINs with USING clauses, per the SQL
specification, many thanks to KaiGai and Tom for that!
- Regression tests have been added and are reasonably extensive, but
more testing is always good, please test and comment if you're
interested in this capability!
- Documentation has been added
- psql and pg_dump, support has been added
- The code has been cleaned up, bits of code refactored into seperate
functions (pg_attribute_aclcheck_all, ExecGrant_Attribute), follows
coding practices better
- execMain is now cleaner in how it handles permissions that aren't
applicable to columns
- Dependency handling has been fixed
- Interfaces have been made cleaner between acl.c and aclchk.c,
aclchk.c no longer knows the deep innards of an Acl
- Comments added about impact of attacl being added to pg_attribute
- Priv node renamed to AccessPriv
- RTE variables cols_sel and cols_mod changed to Bitmapsets
- outfuncs support added for AccessPriv
- readfuncs now support Bitmapsets
- error-handling for GRANT CREATE (col1) improved
- system columns now handled when explicitly requested
- Other minor changes/bug fixes

I'm not aware of any outstanding issues at this point. The changes
recently have been pretty minor, and I really feel like things have
settled down a great deal with this patch.

Thanks!

Stephen

Attachment Content-Type Size
colprivs_2009011502.diff.gz application/octet-stream 35.3 KB

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Joshua D. Drake 2009-01-16 07:14:34 Re: FWD: Re: Updated backslash consistency patch
Previous Message Josh Berkus 2009-01-16 04:26:33 Re: FWD: Re: Updated backslash consistency patch