On Thu, Dec 17, 2009 at 7:19 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > If we're going to start moving these checks around we need a very > well-defined notion of where permissions checks should be made, so that > everyone knows what to expect. I have not seen any plan for that. > Removing one check at a time because it appears to not be necessary > in the code paths you've looked at is not a plan.
I'm not completely familiar with the existing code structure here, but it sort of seems like in general you might want to divide up the processing of a statement into a parse analysis phase, a permissions checking phase, and an execution phase. The parse analysis seems to be mostly separated out into transformXyz() functions, but the permissions checking is mixed in with the execution. Disentangling that seems like a job and a half. ...Robert -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
