Re: [HACKERS] Add TOAST to system tables with ACL?

Поиск

Список

Период

Сортировка

От	Alexander Korotkov
Тема	Re: [HACKERS] Add TOAST to system tables with ACL?
Дата	4 октября 2017 г. 15:15:29
Msg-id	CAPpHfdtxTS4Zs1G+YZ-ZP69rgBi8n1FmeFfHaMc=LONq0NU7bQ@mail.gmail.com обсуждение исходный текст
Ответ на	Re: [HACKERS] Add TOAST to system tables with ACL? (Tom Lane <tgl@sss.pgh.pa.us>)
Список	pgsql-hackers

On Tue, Oct 3, 2017 at 9:19 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:

For pg_database, you'd have to make sure that the startup-time check of
database CONNECT privilege still works if the ACL's been pushed out of
line.

I've tried this case.

At first, make database temp with no connect privilege from public and 10000 users.

create database temp;

revoke connect on database temp from public;

\copy (select 'create user u' || i || ';' from generate_series(1,10000) i) to 'script.sql'

\i script.sql

I've checked that user u10000 can't login to database temp.

$ psql temp -U u10000

psql: FATAL: permission denied for database "temp"

DETAIL: User does not have CONNECT privilege.

Than I grant connect privilege to all that 10000 users.

\copy (select 'grant connect on database temp to u' || i || ';' from generate_series(1,10000) i) to 'script.sql'

\i script.sql

Then user u10000 can login successfully.

$ psql temp -U u10000

psql (11devel)

Type "help" for help.

u10000@temp=#

Thus, in this simple case database CONNECT privilege works with out-of-line ACL for me.

------

Alexander Korotkov
Postgres Professional: http://www.postgrespro.com
The Russian Postgres Company

В списке pgsql-hackers по дате отправления:

От: Ants Aasma
Дата: 04 октября 2017 г., 14:56:47
Сообщение: Re: [HACKERS] JIT compiling - v4.0

От: Magnus Hagander
Дата: 04 октября 2017 г., 15:24:01
Сообщение: Re: [HACKERS] list of credits for release notes