Re: Privileges and inheritance
От | Simon Riggs |
---|---|
Тема | Re: Privileges and inheritance |
Дата | |
Msg-id | 1254736074.4691.132.camel@ebony.2ndQuadrant обсуждение исходный текст |
Ответ на | Re: Privileges and inheritance (Peter Eisentraut <peter_e@gmx.net>) |
Ответы |
Re: Privileges and inheritance
|
Список | pgsql-hackers |
On Mon, 2009-10-05 at 12:30 +0300, Peter Eisentraut wrote: > On Mon, 2009-10-05 at 09:22 +0100, Simon Riggs wrote: > > On Sat, 2009-10-03 at 09:45 +0300, Peter Eisentraut wrote: > > > > > We could use a GUC variable to ease the transition, perhaps like > > > sql_inheritance = no | yes_without_privileges | yes > > > > The original way of doing things was quite useful if you wanted some > > people to be able to see history and others just see recent data. I > > don't think many people are aware of or take advantage of that, so your > > proposal does simplify things for many people. > > Wouldn't that look something like > > data -- empty > data_recent INHERITS (data) > data_old INHERITS (data) > data_ancient INHERITS (data) > > GRANT ... ON data_recent TO A > GRANT ... ON data_old TO B > > I guess you could also do > > data -- recent data > data_old INHERITS (data) > data_ancient INHERITS (data) > > GRANT ... ON data TO A > GRANT ... ON data_old TO B > > And then A, who has only access to the recent data, would always have to > use ONLY data to be able to do anything. That would be a pretty weird > setup. The workaround is to change it to the setup above, which you can > do with a few renames. If you use multiple inheritance it all works as I described. top level: data-template main tables: data, data-recent both inherit from data-template all partitions inherit from data only recent partitions inherit from data-recent grants are issued on data and data-recent Now that I think about it more, I want the change you describe but don't think its a system-wide setting. You may have PostgreSQL inheritance apps next door to partitioning apps. The right place to fix this is when we implement partitioning syntax, so we can set a flag saying "make permissions easier for partitions". -- Simon Riggs www.2ndQuadrant.com
В списке pgsql-hackers по дате отправления: