pgsql: More cleanup on roles patch.

Do we follow RBAC (http://csrc.nist.gov/rbac/) ?
Proposed NIST standard is available http://csrc.nist.gov/rbac/rbacSTD-ACM.pdf

Oleg
On Wed, 29 Jun 2005, Tom Lane wrote:

Log Message:
-----------
More cleanup on roles patch. Allow admin option to be inherited through
role memberships; make superuser/createrole distinction do something
useful; fix some locking and CommandCounterIncrement issues; prevent
creation of loops in the membership graph.

Modified Files:
--------------
pgsql/src/backend/commands:
dbcommands.c (r1.162 -> r1.163)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/dbcommands.c.diff?r1=1.162&r2=1.163)
user.c (r1.154 -> r1.155)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/user.c.diff?r1=1.154&r2=1.155)
pgsql/src/backend/parser:
gram.y (r2.500 -> r2.501)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/parser/gram.y.diff?r1=2.500&r2=2.501)
keywords.c (r1.161 -> r1.162)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/parser/keywords.c.diff?r1=1.161&r2=1.162)
pgsql/src/backend/utils/adt:
acl.c (r1.116 -> r1.117)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/adt/acl.c.diff?r1=1.116&r2=1.117)
pgsql/src/backend/utils/init:
flatfiles.c (r1.10 -> r1.11)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/init/flatfiles.c.diff?r1=1.10&r2=1.11)
pgsql/src/include/utils:
acl.h (r1.79 -> r1.80)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/utils/acl.h.diff?r1=1.79&r2=1.80)

---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings

Regards,
Oleg
_____________________________________________________________
Oleg Bartunov, sci.researcher, hostmaster of AstroNet,
Sternberg Astronomical Institute, Moscow University (Russia)
Internet: oleg@sai.msu.su, http://www.sai.msu.su/~megera/
phone: +007(095)939-16-83, +007(095)939-23-83

Oleg Bartunov <oleg@sai.msu.su> writes:

Do we follow RBAC (http://csrc.nist.gov/rbac/) ?

Personally, I'm reading SQL99 for this.

regards, tom lane

* Tom Lane (tgl@sss.pgh.pa.us) wrote:

Oleg Bartunov <oleg@sai.msu.su> writes:

Do we follow RBAC (http://csrc.nist.gov/rbac/) ?

Personally, I'm reading SQL99 for this.

I've been following an SQL2003 draft... That looks interesting but I
think we probably want to stick to SQL..

Thanks,

Stephen

On Wed, 29 Jun 2005, Stephen Frost wrote:

* Tom Lane (tgl@sss.pgh.pa.us) wrote:

Oleg Bartunov <oleg@sai.msu.su> writes:

Do we follow RBAC (http://csrc.nist.gov/rbac/) ?

Personally, I'm reading SQL99 for this.

I've been following an SQL2003 draft... That looks interesting but I
think we probably want to stick to SQL..

we use RBAC for years as an external application and it's very nice to have it
built-in. I'm looking for possibility to check if given role have enough
privileges to perform some operation on some subset of data specified by
WHERE clause. For example, one role is granted full access the whole
catalog, while other could read all catalog and modify only part.

Thanks,

Stephen

Regards,
Oleg
_____________________________________________________________
Oleg Bartunov, sci.researcher, hostmaster of AstroNet,
Sternberg Astronomical Institute, Moscow University (Russia)
Internet: oleg@sai.msu.su, http://www.sai.msu.su/~megera/
phone: +007(095)939-16-83, +007(095)939-23-83