Tom Lane wrote:
> "Robert Haas" <Robert.Haas@dyntek.com> writes:
> ...
>
>>> IF this will be implemented as suggested here, it will become
>>> extremely counter-intuitive.
>>>
> ...
>
>> You could solve this by having explicit positive and negative ACLs, i.e.
>> your permissions for a particular column are:
>>
>
> Uh, wait a moment, people. The proposed project is to implement a
> capability that is fully, 100% specified by the SQL standard. There
> is zero scope for API invention here. You read the spec, you do
> what it says.
>
>
I did read the spec. My suggestion still stands. Because this is a
non-standard construct in the security world (which generally does &&
when combining attributes) the fact that revoking permissions on a
column does nothing unless table exist deserves being documented.
I couldn't find the detail on the rest in the spec (what section is that
in?) but I know Oracle allows inserts to happen if the columns without
privilege are null or have a default value. Am I missing something
obvious in the spec that describes this explicitly?
- August