* Alex Hunsaker (badalex@gmail.com) wrote:
> On Wed, Jan 13, 2010 at 12:54, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > I'm a little worried by Stephen's plan, mainly because I'm concerned
> > that it would lead to ALTER TABLE taking exclusive lock on a table long
> > before it gets around to checking permissions. Still, that's just
> > extending a window that exists now.
>
> Im of the opinion if we are going to be meddling with the permission
> checks in this area one of the goals should be close or at least
> tighten up that window. So you cant lock a table you dont have
> permission to (either via LOCK or ALTER TABLE). (Ignoring the issues
> of concurrent permission changes of course...)
Trying to minimize that makes the permissions checking a royal mess by
making it have to happen all over the place, after every little bit of
information is gathered. I'm not a fan of that because of both concerns
about making sure it's correct and actually matches our documention, as
well as any possibility of making it a pluggable framework. At the
moment, we're doing permissions checks on the main table before we even
know if the other tables referenced in the command exist. I don't think
we're talking about a serious difference in time here either, to be
honest.
Not to mention that if you don't have access to the schema, you wouldn't
be able to take a lock on the table at all, so I'm really not sure how
big a deal this is..
Thanks,
Stephen