Re: [PATCH] DefaultACLs

From: Petr Jelinek <pjmodos(at)pjmodos(dot)net>
To: Nikhil Sontakke <nikhil(dot)sontakke(at)enterprisedb(dot)com>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [PATCH] DefaultACLs
Date: 2009-07-16 11:54:18
Message-ID: 4A5F14EA.5030002@pjmodos.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Nikhil Sontakke wrote:
> Does this new DefaultACL patch nullify this earlier one? Or it is
> different and should be looked at first since it was added to the
> commitfest before the defaultACL patch? It is a bit confusing. Please
> clarify.
>
No, DefaultACLs applies to objects created in the future while GRANT ON
ALL affects existing objects.
DefaultACLs is more important functionality so it should probably take
precedence in review process.

There is however one thing that needs some attention. Both patches add
distinction between VIEW and TABLE objects for acls into parser and they
both do it differently. GRANT ON ALL works by adding ACL_OBJECT_VIEW and
tracks that object type in code (that was my original method in both
patches) while DefaultACLs uses method suggested by Stephen Frost which
is creating new enum with relation, view, function and sequence members
(those are object types for which both DefaultACLs and GRANT ON ALL are
applicable). The second method has advantage of minimal changes to
existing code.
It's pointless to use both methods so one of the patches will have to be
adjusted. The problem is that most people seem to dislike the addition
of ACL_OBJECT_VIEW but on the other hand I don't like the idea of adding
another object type variable into GrantStmt struct which would be needed
if we adjusted GRANT ON ALL to Stephen Frost's method.

--
Regards
Petr Jelinek (PJMODOS)

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Grzegorz Jaskiewicz 2009-07-16 12:11:35 Re: boolean in C
Previous Message Bernd Helmle 2009-07-16 11:52:59 Re: boolean in C