Re: [HACKERS] Please advice TODO Item pg_hba.conf

2006-04-23 Thread Gevik Babakhani
Tom, > the behavior of > security-related commands should be as simple and unsurprising as > possible. Weird special cases added in the name of improving usability > are likely to do the opposite. Golden rule. Thank you :)

Re: [HACKERS] Please advice TODO Item pg_hba.conf

2006-04-23 Thread Tom Lane
Alvaro Herrera <[EMAIL PROTECTED]> writes: > Gevik Babakhani wrote: >> Of course a TABLE owner can revoke privileges from himself. But why >> would a DATABASE owner want to lock himself out from CONNECTING to his >> database. > I don't know :-) If it doesn't make sense for somebody, then she won'

Re: [HACKERS] Please advice TODO Item pg_hba.conf

2006-04-23 Thread Tom Lane
Gevik Babakhani <[EMAIL PROTECTED]> writes: > On Sun, 2006-04-23 at 17:06 -0400, Alvaro Herrera wrote: >> If I'm not mistaken, the general principle for creating objects is leave >> their ACLs as NULLs. > Personally I think this would create a conflict only in case of the > CONNECT privilege. If

Re: [HACKERS] Please advice TODO Item pg_hba.conf

2006-04-23 Thread Tom Lane
Alvaro Herrera <[EMAIL PROTECTED]> writes: > Gevik Babakhani wrote: >> At this moment the owner of the database CAN REVOKE himself from the >> ACL_OBJECT_DATABASE. If the implementation above is acceptable then I >> can work on this one :) > Hmm, what do you want to do about it? ISTM the owner sh

Re: [HACKERS] Please advice TODO Item pg_hba.conf

2006-04-23 Thread Gevik Babakhani
> I don't know :-) If it doesn't make sense for somebody, then she won't > do it. > > It's not like we are going out of our way to allow somebody to revoke > the privileges from oneself. We are just keeping the thing as simple as > possible. As I said, maybe a reasonable option would be to rais

Re: [HACKERS] Please advice TODO Item pg_hba.conf

2006-04-23 Thread Alvaro Herrera
Gevik Babakhani wrote: > > > Personally I think it would be better for the database owner not have > > > the option to REVOKE himself from the CONNECTION privilege of his own > > > database. > > > > Why? A table owner can revoke privileges from himself. > > Of course a TABLE owner can revoke p

Re: [HACKERS] Please advice TODO Item pg_hba.conf

2006-04-23 Thread Gevik Babakhani
Hi,

> if (acl in pg_database == NULL)
>     acl = acldefault
> else
>     acl = acl in pg_database
> if (has_permission(acl, user, ACL_CONNECT))
>     can connect
> else
>     can't connect
>
>
> To revoke a privilege you do this:
>
> if (acl in pg_database == NULL)
>     acl = acldefa

Re: [HACKERS] Please advice TODO Item pg_hba.conf

2006-04-23 Thread Alvaro Herrera
Gevik Babakhani wrote: > > If I'm not mistaken, the general principle for creating objects is leave > > their ACLs as NULLs. Later, when a privilege is going to be checked, a > > NULL is treated as if it contained whatever default privilege the object > > class has. So you should leave this code

Re: [HACKERS] Please advice TODO Item pg_hba.conf

2006-04-23 Thread Martijn van Oosterhout
On Sun, Apr 23, 2006 at 11:40:08PM +0200, Gevik Babakhani wrote: > > Also I'm not sure if we have discussed what's the default (initial) > > privilege state. Do we want PUBLIC to have CONNECT privilege? > > If I were a DBA I would rather explicitly give people connect > permission to my database

Re: [HACKERS] Please advice TODO Item pg_hba.conf

2006-04-23 Thread Gevik Babakhani
Hi, On Sun, 2006-04-23 at 17:06 -0400, Alvaro Herrera wrote: > Gevik Babakhani wrote: > > Hi, > > > 2) The file parsenodes.h is updated to support > > #define ACL_DATABASE_CONNECT > > I wouldn't call it ACL_DATABASE_CONNECT, just ACL_CONNECT. Currently we > don't have any objects other than da

Re: [HACKERS] Please advice TODO Item pg_hba.conf

2006-04-23 Thread Alvaro Herrera
Gevik Babakhani wrote: Hi, > 2) The file parsenodes.h is updated to support > #define ACL_DATABASE_CONNECT I wouldn't call it ACL_DATABASE_CONNECT, just ACL_CONNECT. Currently we don't have any objects other than databases that need connecting to, but you never know. (It should be very easy to