> 3) For every privilege descriptor in CPD whose action is
> INSERT, UPDATE,
>or REFERENCES without a column name, privilege descriptors are also
>created and added to CPD for each column C in O for which
> A holds the
>corresponding privilege with grant option. For each such column,
"William ZHANG" <[EMAIL PROTECTED]> writes:
> Another problem is, should we allow any circles to be formed when executing
> GRANTs?
This is already prohibited.
regards, tom lane
---(end of broadcast)---
TIP 3: Have you check
"kevin brintnall" <[EMAIL PROTECTED]>
...
> (SQL99, 10.5 , General Rules, 15-18)
>
> 15) SELECT with neither nor list> specifies the SELECT privilege on all columns of T including any
> ^
>columns subsequently added to
>> 2. deal with circles in GRANT graph.
>
> Can you give an examle for how this is any different for column-level
> GRANTs?
When judging if there are any circles in the grant graph, we can represent
table priviledges as column priviledges, thus make things easier. I have not
think hard enought to
On Sun, Jan 29, 2006 at 08:16:40PM -0500, Tom Lane wrote:
> Euler Taveira de Oliveira <[EMAIL PROTECTED]> writes:
> > --- kevin brintnall <[EMAIL PROTECTED]> escreveu:
> >> if user matches an acl for the column
> >>.. and priv is granted, then permit
> >>.. else priv is not granted, reject
Euler Taveira de Oliveira <[EMAIL PROTECTED]> writes:
> --- kevin brintnall <[EMAIL PROTECTED]> escreveu:
>> if user matches an acl for the column
>> .. and priv is granted, then permit
>> .. else priv is not granted, reject
>> else fall through to table privileges
> Wouldn't it be more
--- kevin brintnall <[EMAIL PROTECTED]> escreveu:
> if user matches an acl for the column
> .. and priv is granted, then permit
> .. else priv is not granted, reject
> else fall through to table privileges
>
Wouldn't it be more cheap to test the most-common
On Thu, Jan 26, 2006 at 10:25:40PM +0800, William ZHANG wrote:
>
> I think we should pay attention to the sematic of table privs and column
> privs.
> Here is some examples.
>
> 1. role1 GRANT table priviledge SELECT on table S to role2.
> role1 REVOKE column priviledge SELECT on column S(SNO
I think we should pay attention to the sematic of table privs and column
privs.
Here is some examples.
1. role1 GRANT table priviledge SELECT on table S to role2.
role1 REVOKE column priviledge SELECT on column S(SNO) from role2.
2. deal with circles in GRANT graph.
"kevin brintnall" <[EMAIL
