On Tue, Sep 07, 2010 at 12:41:51PM -0700, Jeff Davis wrote:
> On Tue, 2010-09-07 at 11:39 -0700, David Fetter wrote:
> > We'd like to create a role called read_only, with eponymous
> > capability.
>
> Seems useful.

Great to hear :)

> > If so, is it more
> > DCL-ish, or more DDL-ish?
>
> I don't like the idea of a security model relying on the ability (or
> lack thereof) to set GUCs. Imagine the effects of adding new GUCs,
> removing old ones, changing a GUC name, or tweaking the behavior
> slightly.

Offhand, I'm not thinking of past examples of mutating/disappearing
GUCs that people would want to freeze, nor of a new GUC that would
negate or substantially alter such freezing. What have I missed?

> It makes more sense to tie it to the role directly, so DDL.

There are still arguments for making it DCL-ish, in the sense that it
is, at least in this case, viewable as a data control issue.

> Also, you should put this in the context of previous discussions, which
> led to the "ON ALL TABLES IN SCHEMA" feature in 9.0. In particular,
> that feature only affects existing objects, and you are trying to create
> some kind of permissions mask which will affect new objects, as well.

I guess I can see a case for making "read-only" non-global, but I
think a good first try at it would be to make such "freezes" global.

Cheers,
David.
-- 
David Fetter <da...@fetter.org> http://fetter.org/
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david.fet...@gmail.com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
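
The gap Jeff Davis describes, between a grant over existing objects and a mask that also covers new ones, can be checked with the following added example, which is not part of the original thread. The schema and table names are constructed, and ALTER DEFAULT PRIVILEGES is a PostgreSQL 9.0 command the thread does not mention, brought in here for comparison.

```sql
-- Added illustration; run as a superuser in a scratch database.
-- Everything is rolled back at the end. The schema "app" and the tables
-- t_existing, t_new and t_later are constructed names for this example.
BEGIN;

CREATE ROLE read_only NOLOGIN;
CREATE SCHEMA app;
CREATE TABLE app.t_existing (id int);

GRANT USAGE ON SCHEMA app TO read_only;

-- The 9.0 feature named in the thread: a one-time grant that is expanded
-- into per-table grants for the tables present when the statement runs.
GRANT SELECT ON ALL TABLES IN SCHEMA app TO read_only;

-- A table created after that grant.
CREATE TABLE app.t_new (id int);

-- Compare the two rows: only the table that existed when the grant ran
-- was covered by it.
SELECT c.relname,
       has_table_privilege('read_only', c.oid, 'SELECT') AS can_select
FROM   pg_class c
JOIN   pg_namespace n ON n.oid = c.relnamespace
WHERE  n.nspname = 'app' AND c.relkind = 'r'
ORDER  BY c.relname;

-- Default privileges apply to objects created from now on, but only to
-- objects created by the role that issued this statement (or the role
-- named with FOR ROLE), so this is still not a global read-only mask.
ALTER DEFAULT PRIVILEGES IN SCHEMA app GRANT SELECT ON TABLES TO read_only;

CREATE TABLE app.t_later (id int);

-- Re-run the check: t_later picks up SELECT from the default privileges,
-- while t_new, created before them, is unchanged.
SELECT c.relname,
       has_table_privilege('read_only', c.oid, 'SELECT') AS can_select
FROM   pg_class c
JOIN   pg_namespace n ON n.oid = c.relnamespace
WHERE  n.nspname = 'app' AND c.relkind = 'r'
ORDER  BY c.relname;

ROLLBACK;
```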