On Tue, Sep 07, 2010 at 12:41:51PM -0700, Jeff Davis wrote:
> On Tue, 2010-09-07 at 11:39 -0700, David Fetter wrote:
> > We'd like to create a role called read_only, with eponymous
> > capability.
>
> Seems useful.
Great to hear :)
> > If so, is it more
> > DCL-ish, or more DDL-ish?
>
> I don't like the idea of a security model relying on the ability (or
> lack thereof) to set GUCs. Imagine the effects of adding new GUCs,
> removing old ones, changing a GUC name, or tweaking the behavior
> slightly.
Offhand, I'm not thinking of past examples of mutating/disappearing
GUC that people would want to freeze, nor of a new GUC that would
negate or substantially alter such freezing. What have I missed?
> It makes more sense to tie it to the role directly, so DDL.
There are still arguments for making it DCL-ish, in the sense that it
is, at least in this case, viewable as a data control issue.
> Also, you should put this in the context of previous discussions, which
> lead to the "ON ALL TABLES IN SCHEMA" feature in 9.0. In particular,
> that feature only affects existing objects, and you are trying to create
> some kind of permissions mask which will affect new objects, as well.
I guess I can see a case for making "read-only" non-global, but I
think a good first try at it would be to make such "freezes" global.
Cheers,
David.
--
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david.fetter@gmail.com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics
Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate