KaiGai Kohei <kaigai@kaigai.gr.jp> writes:
> Bruce Momjian wrote:
>> 1034 and 25 are the oids for 'acllist' and 'text' and they are being
>> added to system tables. Are you saying system tables don't use
>> pg_security but other tables do?
> It means users can refer the "security_acl" and "security_label",
> as if they have proper types. However, in actually, they are stroed
> as security identifiers.
> When user refers "security_acl", the patched heap_getsysattr() invokes
> rowaclHeapGetSecurityAclSysattr() to translate the security identifier
> of Row-level ACLs into an array of ACLs. User will see the translated
> representation, as if there is a variable length array, not an oid.
This seems like a pretty bad idea that will eventually bite you in an
uncomfortable place. Lying about what datatype a field is is just not
safe.
It would probably be better to expose the actual security identifier
(as an OID or whatever it is) and provide simple translation
capabilities a la regclass and other OID-alias types.
regards, tom lane