When and where to check for function permissions
От | Peter Eisentraut |
---|---|
Тема | When and where to check for function permissions |
Дата | |
Msg-id | Pine.LNX.4.30.0202131510540.683-100000@peter.localdomain обсуждение исходный текст |
Ответы |
Re: When and where to check for function permissions
|
Список | pgsql-hackers |
In my current implementation for function privileges, I have the function permission check somewhere down in the executor. (To be precise, the permission is determined when the fcache is initialized, and it's checked in ExecMakeFunctionResult.) Now I remembered the way SQL99 specifies function resolution, which has the permission check before the function resolution begins. See also http://archives.postgresql.org/pgsql-hackers/2002-01/msg01120.php for the full details. This makes some sense, because normally you'd want the parser to choose only between the functions you have access to. I do have two concerns, however: 1. It would lead to confusing error messages, i.e., always "not found" instead of "permission denied". 2. It would make a great deal of more sense if the table name resolution that will be necessary in the new schema implementation were done the same way. But I have a feeling that this could get messy when rewrite rules are involved. (More generally, the whole schema resolution could get messy when rewrite rules are involved.) Any comments? -- Peter Eisentraut peter_e@gmx.net
В списке pgsql-hackers по дате отправления: