Обсуждение: AW: AW: Proposal for enhancements of privilege system

Поиск
Список
Период
Сортировка

AW: AW: Proposal for enhancements of privilege system

От
Zeugswetter Andreas SB
Дата:
> > > > Other db's usually use a char array for priaction and don't have
> > > > priisgrantable, but code it into priaction. Or they use 
> a bitfield.
> > > > This has the advantage of only producing one row per table.
> > > 
> > > That's the price I'm willing to pay for abstraction, 
> > > extensibility, and
> > > verifyability. But I'm open for better ideas.
> > 
> > Imho this is an area that is extremly sensitive to performance,
> > the rights have to be checked for each access.
> 
>  Yes, but I believe that Peter's idea is good. System tables 
> are used for
> each access not only for ACL, and performance problem is a problem for
> system cache not primary for privilege system.

Yes I totally agree, that the basic idea is great, all I am saying is, that
I would 
1. gather more than one priviledge per table into one row (all of: select,
insert, update ...)
2. try to look at some existing table structure from one biggie db and see
if it fits

Andreas


Re: AW: AW: Proposal for enhancements of privilege system

От
Karel Zak
Дата:
On Tue, 30 May 2000, Zeugswetter Andreas SB wrote:

> >  Yes, but I believe that Peter's idea is good. System tables 
> > are used for
> > each access not only for ACL, and performance problem is a problem for
> > system cache not primary for privilege system.
> 
> Yes I totally agree, that the basic idea is great, all I am saying is, that
> I would 
> 1. gather more than one priviledge per table into one row (all of: select,
> insert, update ...)
I disccuse this idea with Peter some month ago via private mails (Peter 
has big patience .. :-) and we already calculate about it. 
* needful ACL data for one object will very small and not spend very memory   in cache, * in one moment you need
informationabout one object and one privilege  type. SELECT/UPDATE/etc in one row is not needful, if you run SELECT you
need information about priv. for select only.  * it is very easy extendible, is not defined some special pozition in
some string or some special column for (example) SELECT. You can in future add  new privilege element.  
 

> 2. try to look at some existing table structure from one biggie db and see
> if it fits
 See pg_attribute --- here is very simular situation, but it is larger.
                        Karel