Re: [HACKERS] Re: [PATCHES] NO-CREATE-TABLE and NO-LOCK-TABLE

Karel Zak <zakkr@zf.jcu.cz>

From: Karel Zak - Zakkr <zakkr@zf.jcu.cz>
To: Thomas Lockhart <lockhart@alumni.caltech.edu>
Cc: Peter Eisentraut <peter_e@gmx.net>, PostgreSQL Development <pgsql-hackers@postgresql.org>
Date: 2000-02-29T14:40:40Z
Lists: pgsql-hackers
On Tue, 29 Feb 2000, Thomas Lockhart wrote:

> > plan make changes to acl/account code it must be non-isolate change (it
> > must include user-profiles ..etc). (IMO of course :-)
> 
> While I'm thinking about it...
> 
> The current acl storage scheme flattens the acl info into a single
> string, with a special character ("=" as I recall) to delimit the
> user/group name from the permissions. But by quoting the user name, it
> is possible to create a user name which contains an equals sign,
> screwing up the acl handling.
> 
> If you are redoing the acls, a good first step is to fix this, perhaps
> by recoding the acl field into a structure with at least two fields
> for username and permissions.

 Yes. And..the current schema (acl in pg_class) is not relation schema, in 
the pg_class is username not user's oid...ect. Is possible create it as
relation? (Example, in pg_group we haven't username, we use oid here.) 

My acl idea:

Why not create specific pg_acl table and split a current monolitic
acl string to more columns? Example:

 Columns in pg_acl table:

	reloid		(oid)	 - relation (table) oid
	user_insert	(text[]) - privilege for users for insert
				 - in text array is 
			{"username1","username2"... 	}
			(or use user's oid instead username)   

	group_insert	- simular as previous, but for group
	user_delete	- ....etc.
	...

example:

SELECT * from pg_acl;

reloid  | user_insert        | group_insert | user_delete ..........etc
---------------------------------------------------------
12345   | {"karel", "peter"} | {"group1"}   | {"karel"}   ..........etc


Is it bad idea? (It never needs any specific acl string parser, take 
informatios from this table is very simple and very standard 
"tuple-operation".) Yes, it is a little "talkative", but if instead
user/group name we use oid, it will right and nice.

 ...as I said: is the current acl/account schema good?   

					Karel