> I would like to take a look at SQL3 first, because they define some more
> privilege stuff which we could take into account (ROLES, for example).
Yes. Just today I look at Oracle's documentation for ROLEs, PROFILEs
... my idea is prepare acl/account code for this freatures too. What?
IMHO this discussion good adept for any new-acl&accout project. Agree?
> By the way: Regarding your original patch that disallowed LOCK to users, I
... and I see your web page, you listen good music :-)
> looked it up in the source and it turns out that in order to lock a table
> you need write access to it. Isn't that sufficient?
You mean this original PG's code (?):
if (lockstmt->mode == AccessShareLock) aclresult = pg_aclcheck(lockstmt->relname, GetPgUserName(), ACL
else aclresult = pg_aclcheck(lockstmt->relname, GetPgUserName(), ACL
if (aclresult != ACLCHECK_OK) elog(ERROR, "LOCK TABLE: permission denied");
Yes. The my patch create a lock-permission level over this current code.
It is global setting and example for all non-AccessShareLocks you must have
pg_shadow->locktable privilege and 'write' privilage for table.
It is because I have users which needs update/insert access to tables, but
I not want allow a lock command for these users.
Karel