Обсуждение: Using aclitem[] at application layer

Hello,

In an attempt to implement ACLs at the application layer (for resources stored outside of the database), I am
evaluatingusing aclitem[] as a column type. All the functions I would need seem to be in place: aclcontains,
aclexplode,aclinsert, aclitemeq, aclitemin, aclitemout, aclremove, but they are conspicuously missing from the
documentation(http://www.mail-archive.com/pgsql-patches@postgresql.org/msg03400.html), so I wonder if there are any
caveatsor hurdles which would make me consider writing my own type. 

From a cursory examination, it looks like the limitations would be:

1) roles must refer to postgresql roles (that's fine for my case)

2) permission options are hardcoded to "arwdDxtXUCTc" (not so great)

Are there any other problems I would encounter?

Cheers,
M

"A.M." <agentm@themactionfaction.com> writes:
> In an attempt to implement ACLs at the application layer (for resources stored outside of the database), I am
evaluatingusing aclitem[] as a column type. All the functions I would need seem to be in place: aclcontains,
aclexplode,aclinsert, aclitemeq, aclitemin, aclitemout, aclremove, but they are conspicuously missing from the
documentation(http://www.mail-archive.com/pgsql-patches@postgresql.org/msg03400.html), so I wonder if there are any
caveatsor hurdles which would make me consider writing my own type. 

Other than the fact that we'd feel free to change the behavior of any or
all of that with no notice?

aclitem is an internal type.  If you depend on its behavior, you'll have
only yourself to blame if your application fails in the future.

(I probably wouldn't bother making this point, if the immediately
preceding message hadn't been from someone whining because we changed
the behavior of hashname() ...)

            regards, tom lane