From: | Petr Jelinek <pjmodos(at)pjmodos(dot)net> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jan Urban'ski <wulczer(at)wulczer(dot)org>, Josh Berkus <josh(at)agliodbs(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [PATCH] DefaultACLs |
Date: | 2009-10-02 16:53:58 |
Message-ID: | 4AC63026.2050704@pjmodos.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Petr Jelinek napsal(a):
> Robert Haas napsal(a):
>> I'm going to reiterate what I suggested upthread... let's let the
>> default, global default ACL contain the hard-wired privileges, instead
>> of making them hardwired. Then your objects will get those privileges
>> not because they are hard-wired, but because you haven't changed your
>> global default ACL to not contain them.
>
> That's somewhat how I implemented it although not just on global level
> but in any single filter, what we now have as defaults (before this
> patch) is used as template for default acls and you can revoke it. You
> just can't revoke anything you granted anywhere in the default acls chain.
Reminds me I forgot to adjust the docs. Attached patch fixes that (no
other changes).
--
Regards
Petr Jelinek (PJMODOS)
Attachment | Content-Type | Size |
---|---|---|
defacl-2009-10-02.diff.gz | application/x-tar | 21.8 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2009-10-02 16:58:29 | Re: latest hstore patch |
Previous Message | David E. Wheeler | 2009-10-02 16:47:21 | Re: latest hstore patch |