út 23. 8. 2022 v 3:57 odesílatel Julien Rouhaud <rjuju...@gmail.com> napsal:
> On Mon, Aug 22, 2022 at 09:13:39PM +0200, Pavel Stehule wrote: > > po 22. 8. 2022 v 9:33 odesílatel Julien Rouhaud <rjuju...@gmail.com> > napsal: > > > > > > > > - you define new AclMode READ and WRITE. Those bits are precious and I > > > don't > > > think it's ok to consume 2 bits for session variables, especially > since > > > those > > > are the last two bits available since the recent GUC access control > patch > > > (ACL_SET and ACL_ALTER_SYSTEM). Maybe we could existing INSERT and > > > UPDATE > > > privileges instead, like it's done for sequences? > > > > > > > > I have not a strong opinion about it. AclMode is uint32 - so I think > there > > are still 15bites reserved. I think so UPDATE and SELECT rights can work, > > but maybe it is better to use separate rights WRITE, READ to be stronger > > signalized so the variable is not the relation. On other hand large > objects > > use ACL_UPDATE, ACL_SELECT too, and it works. So I am neutral in this > > question. Has somebody here some opinion on this point? If not I'll > modify > > the patch like Julien proposes. > > Actually no, because AclMode is also used to store the grant option part. > The > comment before AclMode warns about it: > > * The present representation of AclItem limits us to 16 distinct rights, > * even though AclMode is defined as uint32. See utils/acl.h. > I missed this. I changed ACL to your proposal in today's patch Thank you for your corrections. Regards Pavel
