On Tue, 2010-09-07 at 11:39 -0700, David Fetter wrote:
> We'd like to create a role called read_only, with eponymous
> capability.

Seems useful.

> If so, is it more
> DCL-ish, or more DDL-ish?

I don't like the idea of a security model relying on the ability (or
lack thereof) to set GUCs. Imagine the effects of adding new GUCs,
removing old ones, changing a GUC name, or tweaking the behavior
slightly. It makes more sense to tie it to the role directly, so DDL.

Also, you should put this in the context of previous discussions, which
lead to the "ON ALL TABLES IN SCHEMA" feature in 9.0. In particular,
that feature only affects existing objects, and you are trying to create
some kind of permissions mask which will affect new objects, as well.

Regards,
        Jeff Davis


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to