Tom Lane wrote:
> So I think we don't have much choice but to implement theory #2; which
> is essentially the same thing I said earlier, ie, ACLs have to record
> the grantor of a privilege as being the role actually holding the grant
> option, not the role-member issuing the GRANT.
There are really two different considerations here.

The first is the meaning of the role relationships involved. With respect to this, I'm in agreement that the recorded grantor of the privilege should be the role actually holding the option.

But the second is auditing. It's useful to know which user/role actually performed the grant in question, independent of the grant relationships themselves.

These two are at odds with each other only if the system can record only one of the two things. The auditing consideration really argues for the implementation of an audit trail table/structure, if one doesn't already exist (and if it already exists, then clearly the ACLs should be storing the id of the role holding the grant, since the audit structure will separately record the user/role issuing the grant).

-- 
Kevin Brown
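The two separate records Kevin describes, as an added example that is not part of the thread: the ACL stores the role that holds the grant option as grantor, while an event trigger keeps an audit trail of the user/role that issued the GRANT. The role names, the grant_audit table and the log_grant function are all assumed here; the script relies on PostgreSQL event triggers (ddl_command_end on GRANT/REVOKE, available since 9.3, with EXECUTE FUNCTION syntax from PG 11) and must be run by a superuser.

```sql
-- Constructed roles (names are assumptions for this example)
CREATE ROLE holder_role;                       -- holds SELECT WITH GRANT OPTION
CREATE ROLE member_role IN ROLE holder_role;   -- member of holder_role; issues the GRANT
CREATE ROLE grantee_role;                      -- receives the privilege

CREATE TABLE t (id int);
GRANT SELECT ON t TO holder_role WITH GRANT OPTION;

-- Audit trail: who actually issued each GRANT/REVOKE, independent of the
-- grantor the ACL records. object_identity is NULL for grant commands in
-- pg_event_trigger_ddl_commands(), so only object_type is kept.
CREATE TABLE grant_audit (
    at          timestamptz NOT NULL DEFAULT now(),
    session_usr name        NOT NULL,   -- login user (session_user)
    current_usr name        NOT NULL,   -- effective user after SET ROLE (current_user)
    command     text        NOT NULL,   -- 'GRANT' or 'REVOKE'
    object_type text
);
-- The trigger function runs as the issuing user, so that user must be able to insert.
GRANT INSERT ON grant_audit TO PUBLIC;

CREATE FUNCTION log_grant() RETURNS event_trigger LANGUAGE plpgsql AS $$
DECLARE r record;
BEGIN
    FOR r IN SELECT * FROM pg_event_trigger_ddl_commands() LOOP
        INSERT INTO grant_audit (session_usr, current_usr, command, object_type)
        VALUES (session_user, current_user, r.command_tag, r.object_type);
    END LOOP;
END $$;

CREATE EVENT TRIGGER audit_grants ON ddl_command_end
    WHEN TAG IN ('GRANT', 'REVOKE') EXECUTE FUNCTION log_grant();

-- member_role issues the grant; it only holds the grant option via holder_role,
-- so the ACL records holder_role as grantor (theory #2 in the thread).
SET ROLE member_role;
GRANT SELECT ON t TO grantee_role;
RESET ROLE;

-- The grantor field of each aclitem (grantee=privs/grantor) is the option holder.
SELECT unnest(relacl) AS acl_entry FROM pg_class WHERE relname = 't';
-- The audit row shows member_role as current_usr, i.e. the role that issued it.
SELECT session_usr, current_usr, command, object_type FROM grant_audit;
```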