On 12/16/2011 11:58 AM, Dimitri Fontaine wrote:
The whole patches are now against contrib/sepgsql, which seems to me to
be a good news, but means I'm not skilled to help review further. I'm
unsure about marking that as “ready for commiter” but I'm definitely
done myself.
Robert already too
Hi,
Kohei KaiGai writes:
> The attached patches are revised ones.
> I added explanations of DDL permissions on creation time added by these
> patches,
> and added a few regression test cases.
The whole patches are now against contrib/sepgsql, which seems to me to
be a good news, but means I'm n
2011/12/3 Robert Haas :
> On Fri, Dec 2, 2011 at 6:52 AM, Kohei KaiGai wrote:
>> At least, it is working. However, it is not a perfect solution to the
>> future updates
>> of code paths in the core.
>
> Hmm. So, do you want this committed? If so, I think the major thing
> it lacks is documentati
On Fri, Dec 2, 2011 at 6:52 AM, Kohei KaiGai wrote:
> At least, it is working. However, it is not a perfect solution to the
> future updates
> of code paths in the core.
Hmm. So, do you want this committed? If so, I think the major thing
it lacks is documentation.
I can't help noticing that th
I tried to implement remaining portion of the object creation permission patches
using this approach; that temporary saves contextual information using existing
ProcessUtility hook and ExecutorStart hook.
It likely works fine towards my first problem; system catalog entry
does not have
all the inf
2011/11/28 Dimitri Fontaine :
> Kohei KaiGai writes:
>> I found up a similar idea that acquires control on ProcessUtility_hook and
>> save necessary contextual information on auto variable then kicks the
>> original ProcessUtility_hook, then it reference the contextual information
>> from object_a
Kohei KaiGai writes:
> I found up a similar idea that acquires control on ProcessUtility_hook and
> save necessary contextual information on auto variable then kicks the
> original ProcessUtility_hook, then it reference the contextual information
> from object_access_hook.
In this case that would
2011/11/28 Dimitri Fontaine :
> Kohei KaiGai writes:
>> How does it inherit an opaque private initialized at BEFORE trigger to
>> AFTER trigger? I checked your patch, however, it seems to me it does
>> not have a mechanism to deliver something between BEFORE and AFTER.
>
> Right, there's no such f
Kohei KaiGai writes:
> How does it inherit an opaque private initialized at BEFORE trigger to
> AFTER trigger? I checked your patch, however, it seems to me it does
> not have a mechanism to deliver something between BEFORE and AFTER.
Right, there's no such facility provided in there. But it see
2011/11/27 Dimitri Fontaine :
>> And, it seems to me the current proposition of the command trigger
>> does not support to fire triggers on creation of databases, although
>> permission checks requires Oid of source database that is not also
>> appeared in pg_database catalog.
>
> I have to have a
Kohei KaiGai writes:
> Sorry, it does not cover all the code paths that I want to apply permission
> checks around creation of new tables.
>
> The existing DAC checks permission on creation of new tables at
> DefineRelation() and OpenIntoRel(), and sepgsql also wants to follow
> this manner.
> How
2011/11/27 Dimitri Fontaine :
> Kohei KaiGai writes:
>>> I wonder if you could implement that as an extension given the command
>>> trigger patch finds its way in. What do you think?
>>>
>> Unfortunately, it does not solve my point.
>
> [...]
>
>> It is also reason why I mentioned about an idea t
Kohei KaiGai writes:
>> I wonder if you could implement that as an extension given the command
>> trigger patch finds its way in. What do you think?
>>
> Unfortunately, it does not solve my point.
[...]
> It is also reason why I mentioned about an idea that put prep-creation hook
> on a limited
2011/11/26 Dimitri Fontaine :
> Kohei KaiGai writes:
>> We still don't have clear direction of the way to implement external
>> permission
>> checks on object creation time. So, please consider these patches are on the
>> proof-of-concept stage; using prep-creation-hook to permission checks.
>
>
Kohei KaiGai writes:
> We still don't have clear direction of the way to implement external
> permission
> checks on object creation time. So, please consider these patches are on the
> proof-of-concept stage; using prep-creation-hook to permission checks.
I wonder if you could implement that as
15 matches
Mail list logo