Re: [PATCH] DefaultACLs

Hi Petr,

> this is first public version of our DefaultACLs patch as described on
> http://wiki.postgresql.org/wiki/DefaultACL .

I have been assigned by Robert to do an initial review of your "GRANT
ON ALL" patch mentioned here
(http://archives.postgresql.org/pgsql-hackers/2009-07/msg00207.php)

Does this new DefaultACL patch nullify this earlier one? Or it is
different and should be looked at first since it was added to the
commitfest before the defaultACL patch? It is a bit confusing. Please
clarify.

Regards,
Nikhils

> It allows GRANT/REVOKE permissions to be inherited by objects based on
> schema permissions at create type by use of ALTER SCHEMA foo SET DEFAULT
> PRIVILEGES ON TABLE SELECT TO bar syntax. There is also ADD and DROP for
> appending and removing those default privileges. It works for tables, views,
> sequences and functions. More info about syntax and some previous discussion
> is on wiki.
>
> There is also GRANT DEFAULT PRIVILEGES ON tablename which *replaces* current
> object privileges with the default ones. Only owner can do both of those
> commands (ALTER SCHEMA can be done only by schema owner and GRANT can be
> done only by object owner).
>
> It adds new catalog table which stores the default permissions for given
> schema and object type. We didn't add syscache entry for that as Stephen
> Frost didn't feel we should do that (yet). Three functions were also
> exported from aclchk.c because most of the ALTER SCHEMA stuff is done in
> schemacmds.c.
>
> The current version is fully working and includes some regression tests.
> There is however no documentation at this moment.
> Patch is against current Git HEAD (it is context diff).
>
> --
> Regards
> Petr Jelinek (PJMODOS)
>
>
>
> --
> Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-hackers
>
>

--
http://www.enterprisedb.com