Re: security label support, part.2

Stephen Frost <sfrost@snowman.net>

From: Stephen Frost <sfrost@snowman.net>
To: Peter Eisentraut <peter_e@gmx.net>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Robert Haas <robertmhaas@gmail.com>, Kevin Grittner <Kevin.Grittner@wicourts.gov>, KaiGai Kohei <kaigai@kaigai.gr.jp>, pgsql-hackers@postgresql.org
Date: 2010-08-22T19:24:53Z
Lists: pgsql-hackers
* Peter Eisentraut (peter_e@gmx.net) wrote:
> On sön, 2010-08-22 at 15:08 -0400, Stephen Frost wrote:
> > Even though the permissions on the child table aren't invovled at all if
> > queried through the parent..?  The parent implicitly adds to the set of
> > privileges which are granted on the child, but that's not clear at all
> > from the permissions visible on the child.  That's principally what I'm
> > complaining about here.
> 
> Perhaps this is a user interface issue then.  Maybe the fact that a
> table is inherited from another one needs to be shown closer to
> whereever the permissions are listed.

That's a nice idea, except that we've got a pretty well defined API
regarding how to determine what the privileges on a table are, and many
different UIs which use it.  Fixing it in psql (if it needs to be..
iirc, \d or \d+ may already show it) doesn't really address the problem,
in my view.

	Thanks,

		Stephen