It would be great help to me, and I am sure for many other people too who are
working with security solutions, if this feature is released as patch before
8.4 release.
Sanjay Sharma> Date: Tue, 1 Apr 2008 22:02:30 -0400> From: [EMAIL PROTECTED]>
To: [EMAIL PROTECTED]> CC: pgsql-hackers@postgresql.org> Subject: Re: [HACKERS]
column level privileges> > > > The earliest will be 8.4, which is many many
months away.> > It should be possible to produce a patch for 8.3 if you're
interested.> > cheers> > andrew> > sanjay sharma wrote:> > Hello Andrew,> > > >
When do you expect this patch to go in production and available for > > public
use? I would keep an eye for its release.> > > > Sanjay Sharma> >> > > Date:
Tue, 1 Apr 2008 18:40:24 -0400> > > From: [EMAIL PROTECTED]> > > To:
pgsql-hackers@postgresql.org> > > Subject: [HACKERS] column level privileges> >
>> > >> > > Apologies if this gets duplicated - original seems to have been
dropped> > > due to patch size - this time I am sending it gzipped.> > >> > >
cheers> > >> > > andrew> > >> > > -------- Original Message --------> > >
Subject: column level privileges> > > Date: Tue, 01 Apr 2008 08:32:25 -0400> >
> From: Andrew Dunstan <[EMAIL PROTECTED]>> > > To: Patches (PostgreSQL)
<[EMAIL PROTECTED]>> > >> > >> > >> > > This patch by Golden Lui was his work
for the last Google SoC. I was > > his> > > mentor for the project. I have just
realised that he didn't send his> > > final patch to the list.> > >> > > I
guess it's too late for the current commit-fest, but it really needs> > > to go
on a patch queue (my memory on this was jogged by Tom's recent> > > mention of
$Subject).> > >> > > I'm going to see how much bitrot there is and see what
changes are> > > necessary to get it to apply.> > >> > > cheers> > >> > >
andrew> > >> > >> > > -------------> > > Here is a README for the whole patch.>
> >> > > According to the SQL92 standard, there are four levels in the
privilege> > > hierarchy, i.e. database, tablespace, table, and column. Most >
> commercial> > > DBMSs support all the levels, but column-level privilege is
hitherto> > > unaddressed in the PostgreSQL, and this patch try to implement
it.> > >> > > What this patch have done:> > > 1. The execution of GRANT/REVOKE
for column privileges. Now only> > > INSERT/UPDATE/REFERENCES privileges are
supported, as SQL92 specified.> > > SELECT privilege is now not supported. This
part includes:> > > 1.1 Add a column named 'attrel' in pg_attribute catalog to
store> > > column privileges. Now all column privileges are stored, no matter>
> > whether they could be implied from table-level privilege.> > > 1.2 Parser
for the new kind of GRANT/REVOKE commands.> > > 1.3 Execution of GRANT/REVOKE
for column privileges. Corresponding> > > column privileges will be
added/removed automatically if no column is> > > specified, as SQL standard
specified.> > > 2. Column-level privilege check.> > > Now for
UPDATE/INSERT/REFERENCES privilege, privilege check will be> > > done ONLY on
column level. Table-level privilege check was done in the> > > function
InitPlan. Now in this patch, these three kind of privilege are> > > checked
during the parse phase.> > > 2.1 For UPDATE/INSERT commands. Privilege check is
done in the> > > function transformUpdateStmt/transformInsertStmt.> > > 2.2 For
REFERENCES, privilege check is done in the function> > >
ATAddForeignKeyConstraint. This function will be called whenever a> > > foreign
key constraint is added, like create table, alter table, etc.> > > 2.3 For COPY
command, INSERT privilege is check in the function> > > DoCopy. SELECT command
is checked in DoCopy too.> > > 3. While adding a new column to a table using
ALTER TABLE command, set> > > appropriate privilege for the new column
according to privilege already> > > granted on the table.> > > 4. Allow pg_dump
and pg_dumpall to dump in/out column privileges.> > > 5. Add a column named
objsubid in pg_shdepend catalog to record ACL> > > dependencies between column
and roles.> > > 6. modify the grammar of ECPG to support column level
privileges.> > > 7. change psql's \z (\dp) command to support listing column
privileges> > > for tables and views. If \z(\dp) is run with a pattern, column>
> > privileges are listed after table level privileges.> > > 8. Regression test
for column-level privileges. I changed both> > > privileges.sql and
expected/privileges.out, so regression check is now> > > all passed.> > >> > >
Best wishes> > > Dong> > > --> > > Guodong Liu> > > Database Lab, School of
EECS, Peking University> > > Room 314, Building 42, Peking University, Beijing,
100871, China> > >> > >> >> >> >
------------------------------------------------------------------------> >
Exclusive Marriage Proposals! Find UR life partner at Shaadi.com Try > > it!
<http://ss1.richmedia.in/recurl.asp?pid=430>> > -- > Sent via pgsql-hackers
mailing list (pgsql-hackers@postgresql.org)> To make changes to your
subscription:> http://www.postgresql.org/mailpref/pgsql-hackers
_________________________________________________________________
Tried the new MSN Messenger? It’s cool! Download now.
http://messenger.msn.com/Download/Default.aspx?mkt=en-in
