Tom Lane wrote:
"Robert Haas" <[EMAIL PROTECTED]> writes:
...
IF this will be implemented as suggested here, it will become
extremely counter-intuitive.
...
You could solve this by having explicit positive and negative ACLs, i.e.
your permissions for a particular column are:
Uh, wait a moment, people. The proposed project is to implement a
capability that is fully, 100% specified by the SQL standard. There
is zero scope for API invention here. You read the spec, you do
what it says.
I did read the spec. My suggestion still stands. Because this is a
non-standard construct in the security world (which generally does &&
when combining attributes) the fact that revoking permissions on a
column does nothing unless table exist deserves being documented.
I couldn't find the detail on the rest in the spec (what section is that
in?) but I know Oracle allows inserts to happen if the columns without
privilege are null or have a default value. Am I missing something
obvious in the spec that describes this explicitly?
- August
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
