Re: AW: AW: Proposal for enhancements of privilege system
От | Peter Eisentraut |
---|---|
Тема | Re: AW: AW: Proposal for enhancements of privilege system |
Дата | |
Msg-id | Pine.LNX.4.21.0006011540070.372-100000@localhost.localdomain обсуждение исходный текст |
Ответ на | AW: AW: Proposal for enhancements of privilege system (Zeugswetter Andreas SB <ZeugswetterA@wien.spardat.at>) |
Список | pgsql-hackers |
Zeugswetter Andreas SB writes: > Again Hmm ? Are you going to do select * from <authtable> where pri="select" > or some such ? Usually you look up a users rights for a specific table, > and that needs to be fast. Exactly, that's why I have to do it like this. To interface a system catalog to the shared cache you need a primary key, which would be (object, user, action) in my proposal. With that setup I can easily make queries of the sort "does user X have select right on table Y" as fast as possible, no slower than, say, looking up an attribute definition in pg_attribute. With several privileges per row you make the table unnecessarily sparse, you make interfacing to the catalog cache a nightmare, and you create all sorts of funny implementation problems (for example, revoking a privilege might be an update or a delete, depending on whether it was the last privilege revoked). -- Peter Eisentraut Sernanders väg 10:115 peter_e@gmx.net 75262 Uppsala http://yi.org/peter-e/ Sweden
В списке pgsql-hackers по дате отправления: