On Mon, Aug 22, 2022 at 09:13:39PM +0200, Pavel Stehule wrote: > po 22. 8. 2022 v 9:33 odesÃlatel Julien Rouhaud <rjuju...@gmail.com> napsal: > > > > > - you define new AclMode READ and WRITE. Those bits are precious and I > > don't > > think it's ok to consume 2 bits for session variables, especially since > > those > > are the last two bits available since the recent GUC access control patch > > (ACL_SET and ACL_ALTER_SYSTEM). Maybe we could existing INSERT and > > UPDATE > > privileges instead, like it's done for sequences? > > > > > I have not a strong opinion about it. AclMode is uint32 - so I think there > are still 15bites reserved. I think so UPDATE and SELECT rights can work, > but maybe it is better to use separate rights WRITE, READ to be stronger > signalized so the variable is not the relation. On other hand large objects > use ACL_UPDATE, ACL_SELECT too, and it works. So I am neutral in this > question. Has somebody here some opinion on this point? If not I'll modify > the patch like Julien proposes.
Actually no, because AclMode is also used to store the grant option part. The comment before AclMode warns about it: * The present representation of AclItem limits us to 16 distinct rights, * even though AclMode is defined as uint32. See utils/acl.h.
