Re: [v9.2] sepgsql's DROP Permission checks

Robert Haas <robertmhaas@gmail.com>

From: Robert Haas <robertmhaas@gmail.com>
To: Kohei KaiGai <kaigai@kaigai.gr.jp>
Cc: PgHacker <pgsql-hackers@postgresql.org>
Date: 2012-01-19T01:34:13Z
Lists: pgsql-hackers
On Wed, Jan 18, 2012 at 9:50 AM, Kohei KaiGai <kaigai@kaigai.gr.jp> wrote:
> In sepgsql side, it determines a case to apply permission checks
> according to the contextual information; that is same technique
> when we implemented create permission.
> Thus, it could checks db_xxx:{drop} permission correctly.

Why do we need the contextual information in this case?  Why
can't/shouldn't the decision be made solely on the basis of what
object is targeted?

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company