> > Imho this is an area where it does make sense to look at what other
> > db's do, because it makes the toolwriters life so much easier if pg
> > behaves like some other common db.
>
> The defined interface to the privilege system is GRANT, REVOKE, and
> "access denied" (and a couple of INFORMATION_SCHEMA views,
> eventually).
> I don't see how other db's play into this.
Of course the grant revoke is the same. But administrative tools usually
allow you to dump schema, all rights, triggers ... for an object and thus
need
access to the system tables containing the grants.
>
> > Other db's usually use a char array for priaction and don't have
> > priisgrantable, but code it into priaction. Or they use a bitfield.
> > This has the advantage of only producing one row per table.
>
> That's the price I'm willing to pay for abstraction,
> extensibility, and
> verifyability. But I'm open for better ideas.
Imho this is an area that is extremly sensitive to performance,
the rights have to be checked for each access.
Andreas