> > > Suggest that we prevent write operations on Frozen tables by
> > > revoking
> > all INSERT, UPDATE or DELETE rights held, then enforcing a check
> > during GRANT to prevent them being re-enabled. Superusers would need
> > to check every time. If we dont do this, then we will have two
> > contradictory states marked in the catalog - privilges saying Yes
and
> > freezing saying No.
> >
> > No, I'd not mess with the permissions and return a different error
> > when trying to modify a frozen table. (It would also be complicated
to
> > unfreeze after create database) We should make it clear, that
freezing
> > is no replacement for revoke.
>
> That was with a mind to performance. Checking every INSERT,
> UPDATE and DELETE statement to see if they are being done
> against a frozen table seems like a waste.
I'd think we would have relminxid in the relcache, so I don't buy the
performance argument :-) (You could still do the actual check in the
same place where the permission is checked)
> There would still be a specific error message for frozen
> tables, just on the GRANT rather than the actual DML statements.
I'd still prefer to see the error on modify. Those that don't can
revoke.
Andreas
---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?
http://archives.postgresql.org
