diff --git a/doc/TODO.detail/privileges b/doc/TODO.detail/privileges index 0aa7508aef..7bdd732e85 100644 --- a/doc/TODO.detail/privileges +++ b/doc/TODO.detail/privileges 
@@ -1106,3 +1106,157 @@ extensions afterwards? regards, tom lane +From zakkr@zf.jcu.cz Wed May 9 05:12:41 2001 +Return-path: +Received: from ara.zf.jcu.cz (zakkr@ara.zf.jcu.cz [160.217.161.4]) + by candle.pha.pa.us (8.10.1/8.10.1) with ESMTP id f499Cbu05406 + for ; Wed, 9 May 2001 05:12:37 -0400 (EDT) +Received: (from zakkr@localhost) + by ara.zf.jcu.cz (8.9.3/8.9.3/Debian 8.9.3-21) id LAA20000; + Wed, 9 May 2001 11:12:35 +0200 +Date: Wed, 9 May 2001 11:12:35 +0200 +From: Karel Zak +To: Bruce Momjian +cc: pgsql-hackers +Subject: Re: [HACKERS] NOCREATETABLE patch (was: Re: Please, help!(about Postgres)) +Message-ID: <20010509111235.A18101@ara.zf.jcu.cz> +References: <200105071848.f47ImBh20345@candle.pha.pa.us> +MIME-Version: 1.0 +Content-Type: text/plain; charset=us-ascii +User-Agent: Mutt/1.0.1i +In-Reply-To: <200105071848.f47ImBh20345@candle.pha.pa.us>; from pgman@candle.pha.pa.us on Mon, May 07, 2001 at 02:48:11PM -0400 +Status: ORr + +On Mon, May 07, 2001 at 02:48:11PM -0400, Bruce Momjian wrote: +> +> Can someone remind me what we are going to do with this? +> +> > This patch add to 7.0.2 code NOCREATETABLE and NOLOCKTABLE feature: + + + It's my old patch, it's usable and some people use it for 7.0.x. But +it's really temporary solution and it was 1 day in official CVS :-) +We remove it after discussion with Peter E. More correct will implement +better privilege system. + + A privilege system is *very* important for real multiuser and +sophisticated systems. For example if you compare PostgreSQL with Oracle, +the PostgreSQL is really not winner in this part. Peter has some idea +about it and Jan sent something about it too, but I not sure if somebody +works on this and plannig it for some next release (or...? 
-- will good +if I not right:-) + + Karel + +From pgsql-hackers-owner+M8485@postgresql.org Wed May 9 10:11:53 2001 +Return-path: +Received: from postgresql.org (webmail.postgresql.org [216.126.85.28]) + by candle.pha.pa.us (8.10.1/8.10.1) with ESMTP id f49EBqu24085 + for ; Wed, 9 May 2001 10:11:52 -0400 (EDT) +Received: from postgresql.org.org (webmail.postgresql.org [216.126.85.28]) + by postgresql.org (8.11.3/8.11.1) with SMTP id f49EBiA44525; + Wed, 9 May 2001 10:11:44 -0400 (EDT) + (envelope-from pgsql-hackers-owner+M8485@postgresql.org) +Received: from corvette.mascari.com (dhcp065-024-161-045.columbus.rr.com [65.24.161.45]) + by postgresql.org (8.11.3/8.11.1) with ESMTP id f49DVoA25183 + for ; Wed, 9 May 2001 09:31:51 -0400 (EDT) + (envelope-from mascarm@mascari.com) +Received: from ferrari (ferrari.mascari.com [192.168.2.1]) + by corvette.mascari.com (8.9.3/8.9.3) with SMTP id JAA11700; + Wed, 9 May 2001 09:20:46 -0400 +Received: by localhost with Microsoft MAPI; Wed, 9 May 2001 09:29:01 -0400 +Message-ID: <01C0D86A.7B6E19C0.mascarm@mascari.com> +From: Mike Mascari +Reply-To: "mascarm@mascari.com" +To: "'Zeugswetter Andreas SB'" , + "'Bruce Momjian'" + +cc: Karel Zak , + pgsql-hackers + +Subject: RE: [HACKERS] NOCREATETABLE patch (was: Re: Please, help!(about P ostgres)) +Date: Wed, 9 May 2001 09:29:01 -0400 +Organization: Mascari Development Inc. +X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211 +MIME-Version: 1.0 +Content-Type: text/plain; charset="us-ascii" +Content-Transfer-Encoding: 7bit +Precedence: bulk +Sender: pgsql-hackers-owner@postgresql.org +Status: OR + +That makes perfect sense to me. I was only going by what System +Privileges are granted to the Oracle roles of the same name. 
Oracle +has: + +CONNECT - +ALTER SESSION +CREATE CLUSTER +CREATE DATABASE LINK +CREATE SEQUENCE +CREATE SESSION +CREATE SYNONYM +CREATE TABLE +CREATE VIEW + +RESOURCE - +CREATE CLUSTER +CREATE PROCEDURE +CREATE SEQUENCE +CREATE TABLE +CREATE TRIGGER + +DBA - +All systems privileges WITH ADMIN OPTION + +But I agree with you. When I was first learning Oracle, I thought it +strange that the CONNECT role had anything more than CREATE/ALTER +SESSION privilege. + +Mike Mascari +mascarm@mascari.com + +-----Original Message----- +From: Zeugswetter Andreas SB [SMTP:ZeugswetterA@wien.spardat.at] +Sent: Wednesday, May 09, 2001 3:20 AM +To: 'Bruce Momjian'; mascarm@mascari.com +Cc: Karel Zak; pgsql-hackers +Subject: AW: [HACKERS] NOCREATETABLE patch (was: Re: Please, +help!(about P ostgres)) + + +> > The connect group would be granted these System Privileges: + +If we keep it like others (e.g. Informix) this System Privilege would +be called +"resource". I like this name better, because it more describes the +detailed +priviledges. + +> > +> > CREATE AGGREGATE privilege +> > CREATE INDEX privilege +> > CREATE FUNCTION privilege +> > CREATE OPERATOR privilege +> > CREATE RULE privilege +> > CREATE SESSION privilege +> > CREATE SYNONYM privilege +> > CREATE TABLE privilege +> > CREATE TRIGGER privilege +> > CREATE TYPE privilege +> > CREATE VIEW privilege + +The "connect" group would only have the priviledge to connect to the +db [and +create temp tables ?] and rights they where granted, or that were +granted to public. +They would not be allowed to create anything. + +Andreas + + +---------------------------(end of broadcast)--------------------------- +TIP 6: Have you searched our list archives? + +http://www.postgresql.org/search.mpl +
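Review bot: Both added messages are pasted with their full transport headers (the `Received:` chains, including the internal relay `ferrari.mascari.com [192.168.2.1]` and a DHCP hostname, plus `X-Mailer`, `Precedence` and `Status`), and the second one ends with the list footer (`TIP 6: Have you searched our list archives?`). None of this informs the privileges TODO. Suggest trimming each message to From, Date, Subject, Message-ID and the body, and dropping the footer. A short summary ahead of the two messages would also help a reader of this file: Karel states that the NOCREATETABLE/NOLOCKTABLE patch was a temporary solution and was removed from CVS in favour of a better privilege system, and Andreas proposes that "connect" carry only the right to connect while the CREATE privileges go to "resource", with `[and create temp tables ?]` left as an open question.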