Thanks for the feedback.

> * int64 (C) to int8 (SQL) mapping for genbki.
> That definitely should be a separate patch. Which can be committed much
> earlier than the rest - even if we don't actually end up needing it for
> this feature, it's still good to have it.

Agreed.  I had previously submitted this as a separate patch, but I think
it got lost in the weeds.  At any rate, here is the relevant post:

> > * replace all role attributes columns in pg_authid with single int64
> column
> > named rolattr.
> > * update CreateRole and AlterRole to use rolattr.
> > * update all has_*_privilege functions to check rolattr.
> > * builtin SQL function 'has_role_attribute' that takes a role oid and
> text
> > name of the attribute as input and returns a boolean.
> I think if we're going to do this - and I'm not yet convinced that
> that's the best route, we should add returns all permissions a user
> has. Right now that's quite easily queryable, but it won't be after
> moving everything into one column. You'd need to manually use all has_*_
> functions... Yes, you've added them already to pg_roles, but there's
> sometimes good reasons to go to pg_authid instead.

This is a good point.  I'll start looking at this and see what I can come
up with.

An array representation was also suggested by Simon (
Obviously there are pro's and con's to either approach.  I'm not married to
it, but felt that a bitmask was certainly more efficient.  However, I know
that an array would be more extensible given that we could envision more
than 64 role attributes.  I'm uncertain if that is a potential reality or
not, but I believe it is certainly worth considering.


Adam Brightwell -
Database Engineer -

Reply via email to