On 03/21/2016 10:34 AM, Robert Haas wrote:
On Sun, Mar 20, 2016 at 11:34 PM, Alvaro Herrera
ObjectProperty contains a comment that the ACL is "same as relation",
but is that still correct, given that now stats may be related to more
than one relation? Do we even know what the rules for ACLs on
cross-relation stats are? One very simple way to get around this is to
dictate that all the rels must have the same owner.
That's not really all that simple - you'd have to forbid changing
the owner of a relation involved in multi-rel statistics, but that's
horrible. Presumably at the very least you'd then have to find some
way of allowing the owner of everything in the group to be changed
at the same time, but that's a whole new innovation. I think this is
a very messy line of attack.
I agree. I don't think we should / need to impose such additional
restrictions (e.g. same owner for all tables).
I think for using the statistics (to compute estimates for a query), it
should be enough that the user can access all the tables it's built on.
Which happens somehow implicitly, and currently it's trivial as each
statistics is built on a single table.
I don't have a clear idea what should we do in the future with multiple
tables (e.g. when the statistics is built on 3 tables, the query is on 2
of them and the user does not have access to the remaining one).
But maybe we need to support ACLs because of ALTER STATISTICS?
Tomas Vondra http://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Sent via pgsql-hackers mailing list (firstname.lastname@example.org)
To make changes to your subscription: