Thread: pgsql: More cleanup on roles patch.
Log Message:
-----------
More cleanup on roles patch.  Allow admin option to be inherited through
role memberships; make superuser/createrole distinction do something
useful; fix some locking and CommandCounterIncrement issues; prevent
creation of loops in the membership graph.

Modified Files:
--------------
    pgsql/src/backend/commands:
        dbcommands.c (r1.162 -> r1.163)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/dbcommands.c.diff?r1=1.162&r2=1.163)
        user.c (r1.154 -> r1.155)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/user.c.diff?r1=1.154&r2=1.155)
    pgsql/src/backend/parser:
        gram.y (r2.500 -> r2.501)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/parser/gram.y.diff?r1=2.500&r2=2.501)
        keywords.c (r1.161 -> r1.162)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/parser/keywords.c.diff?r1=1.161&r2=1.162)
    pgsql/src/backend/utils/adt:
        acl.c (r1.116 -> r1.117)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/adt/acl.c.diff?r1=1.116&r2=1.117)
    pgsql/src/backend/utils/init:
        flatfiles.c (r1.10 -> r1.11)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/init/flatfiles.c.diff?r1=1.10&r2=1.11)
    pgsql/src/include/utils:
        acl.h (r1.79 -> r1.80)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/utils/acl.h.diff?r1=1.79&r2=1.80)
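
The loop prevention and inherited admin option named in the log message above, as an added example: a simplified C model of a role membership graph, not PostgreSQL's code and not posted by anyone in this thread. The function names, the sample roles and the exact inheritance rule are assumptions made for illustration.

```c
/* Simplified model of a role membership graph (illustration only; not PostgreSQL source). */
#include <stdbool.h>
#include <stdio.h>
#define MAX_ROLES 8
enum { ALICE, STAFF, MANAGERS };             /* constructed sample roles */
static bool member_of[MAX_ROLES][MAX_ROLES]; /* [m][r]: m is a direct member of r */
static bool admin_opt[MAX_ROLES][MAX_ROLES]; /* [m][r]: that grant carries the admin option */

/* Depth-first walk: is 'member' the role itself, or a member through any chain? */
static bool walk(int member, int role, bool *seen)
{
    if (member == role) return true;
    if (seen[member]) return false;
    seen[member] = true;
    for (int r = 0; r < MAX_ROLES; r++)
        if (member_of[member][r] && walk(r, role, seen))
            return true;
    return false;
}
static bool reaches(int member, int role)
{
    bool seen[MAX_ROLES] = { false };
    return walk(member, role, seen);
}

/* Refuse a grant when 'role' already reaches 'member': the new edge would close a loop. */
static bool grant_membership(int member, int role, bool with_admin)
{
    if (reaches(role, member)) return false;
    member_of[member][role] = true;
    admin_opt[member][role] = with_admin;
    return true;
}

/* Assumed rule: the admin option on 'role' is inherited from any holder that 'member' reaches. */
static bool has_admin_option(int member, int role)
{
    for (int holder = 0; holder < MAX_ROLES; holder++)
        if (admin_opt[holder][role] && reaches(member, holder))
            return true;
    return false;
}

int main(void)
{
    grant_membership(ALICE, STAFF, false);
    grant_membership(STAFF, MANAGERS, true);
    printf("alice admin on managers: %d\n", has_admin_option(ALICE, MANAGERS));
    printf("managers -> alice granted: %d\n", grant_membership(MANAGERS, ALICE, false));
    return 0;
}
```

The loop check runs before the edge is stored, so a refused grant leaves the graph unchanged.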
Do we follow RBAC (http://csrc.nist.gov/rbac/) ?
The proposed NIST standard is available at
http://csrc.nist.gov/rbac/rbacSTD-ACM.pdf

Oleg

On Wed, 29 Jun 2005, Tom Lane wrote:

> Log Message:
> -----------
> More cleanup on roles patch.  Allow admin option to be inherited through
> role memberships; make superuser/createrole distinction do something
> useful; fix some locking and CommandCounterIncrement issues; prevent
> creation of loops in the membership graph.
>
> Modified Files:
> --------------
>    pgsql/src/backend/commands:
>        dbcommands.c (r1.162 -> r1.163)
>        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/dbcommands.c.diff?r1=1.162&r2=1.163)
>        user.c (r1.154 -> r1.155)
>        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/user.c.diff?r1=1.154&r2=1.155)
>    pgsql/src/backend/parser:
>        gram.y (r2.500 -> r2.501)
>        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/parser/gram.y.diff?r1=2.500&r2=2.501)
>        keywords.c (r1.161 -> r1.162)
>        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/parser/keywords.c.diff?r1=1.161&r2=1.162)
>    pgsql/src/backend/utils/adt:
>        acl.c (r1.116 -> r1.117)
>        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/adt/acl.c.diff?r1=1.116&r2=1.117)
>    pgsql/src/backend/utils/init:
>        flatfiles.c (r1.10 -> r1.11)
>        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/init/flatfiles.c.diff?r1=1.10&r2=1.11)
>    pgsql/src/include/utils:
>        acl.h (r1.79 -> r1.80)
>        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/utils/acl.h.diff?r1=1.79&r2=1.80)
>
> ---------------------------(end of broadcast)---------------------------
> TIP 7: don't forget to increase your free space map settings
>

        Regards,
                Oleg
_____________________________________________________________
Oleg Bartunov, sci.researcher, hostmaster of AstroNet,
Sternberg Astronomical Institute, Moscow University (Russia)
Internet: oleg@sai.msu.su, http://www.sai.msu.su/~megera/
phone: +007(095)939-16-83, +007(095)939-23-83
Oleg Bartunov <oleg@sai.msu.su> writes:
> Do we follow RBAC (http://csrc.nist.gov/rbac/) ?

Personally, I'm reading SQL99 for this.

                        regards, tom lane
* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Oleg Bartunov <oleg@sai.msu.su> writes:
> > Do we follow RBAC (http://csrc.nist.gov/rbac/) ?
>
> Personally, I'm reading SQL99 for this.

I've been following an SQL2003 draft...  That looks interesting but I
think we probably want to stick to SQL..

        Thanks,

                Stephen
On Wed, 29 Jun 2005, Stephen Frost wrote:

> * Tom Lane (tgl@sss.pgh.pa.us) wrote:
>> Oleg Bartunov <oleg@sai.msu.su> writes:
>>> Do we follow RBAC (http://csrc.nist.gov/rbac/) ?
>>
>> Personally, I'm reading SQL99 for this.
>
> I've been following an SQL2003 draft...  That looks interesting but I
> think we probably want to stick to SQL..

We have used RBAC for years as an external application, and it's very nice
to have it built in. I'm looking for a possibility to check whether a given
role has enough privileges to perform some operation on some subset of data
specified by a WHERE clause. For example, one role is granted full access to
the whole catalog, while another could read the whole catalog and modify
only part.

>
>       Thanks,
>
>               Stephen
>

        Regards,
                Oleg
_____________________________________________________________
Oleg Bartunov, sci.researcher, hostmaster of AstroNet,
Sternberg Astronomical Institute, Moscow University (Russia)
Internet: oleg@sai.msu.su, http://www.sai.msu.su/~megera/
phone: +007(095)939-16-83, +007(095)939-23-83