Implementation details of schema permissions?
Tom, do you have plans yet on how to store permissions granted on schemas?
For the almost-done permissions on functions and languages, I reuse the
aclitem arrays. Since these objects only have one kind of permission, it
seems reasonable to overload the select/read permission bit for this.
However, I imagine that schemas may have a different set of permissions,
perhaps including CREATE and such, which might not fit into the aclitem.
In case you're inventing a whole new mechanism that needs to be
coordinated, let me know.
--
Peter Eisentraut peter_e@gmx.net
Peter Eisentraut <peter_e@gmx.net> writes:
Tom, do you have plans yet on how to store permissions granted on schemas?
Haven't thought about it very hard. I would like to reuse the existing
ACL support, of course. We might need to generalize it to allow
different sets of permission bits for different kinds of objects.
[ thinks... ] AFAIR, the low-level ACL routines don't really know/care
much about the meanings of the bits, except for the I/O converters which
have to be able to map bits to code letters. So parameterization seems
pretty feasible. We could use atttypmod to let the I/O converters know
which code map applies to a particular ACL column, I think.
regards, tom lane