Re: New Privilege model purposal
От | Peter Eisentraut |
---|---|
Тема | Re: New Privilege model purposal |
Дата | |
Msg-id | Pine.LNX.4.21.0008050001180.1568-100000@localhost.localdomain обсуждение исходный текст |
Ответ на | New Privilege model purposal (JanWieck@t-online.de (Jan Wieck)) |
Список | pgsql-hackers |
Jan Wieck writes: > Anyway, it's good to hear you're still on it. What's the > estimated time you think it'll be ready to get patched in? Next release. I would hope we can get the current stuff into beta in a month or so, whereas this project would break open a lot of things. > The thing users actually complain about is the requirement of > UPDATE permissions to REFERENCE a table. This could be fixed > with making RI triggers setuid functions for 7.1 and check > that the user at least has SELECT permission on the > referenced table during constraint creation. This would also > remove the actual DOS problem, that a user could potentiall > create a referencing table and not giving anyone who can > update the referenced one update permissions on it too. > > I think it's worth doing it now, and couple it later with > your general access control things. True. I had already looked into this, it's not fundamentally difficult, but there's a lot of code that will need to be touched. If you want to go for it, be my guest; I agree that it is fairly orthogonal to the rest of the privilege system. I'll put it on my priority list if no one's taking it. -- Peter Eisentraut Sernanders väg 10:115 peter_e@gmx.net 75262 Uppsala http://yi.org/peter-e/ Sweden
В списке pgsql-hackers по дате отправления: