| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Default permissisons from schemas |
| Date: | 2007-01-23 05:28:05 |
| Message-ID: | 10308.1169530085@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Stephen Frost <sfrost(at)snowman(dot)net> writes:
> Following up on my reply to Joshua, what I'd like to propose is, for
> comments and suggestions:
> ALTER SCHEMA name [ [ WITH ] [ DEFAULT ] option [ ... ] ]
> where option can be:
> { GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRI=
> GGER | EXECUTE }=20
> [,...] | ALL [ PRIVILEGES ] }=20
> TO { role | PUBLIC } [, ...] [ WITH GRANT OPTION ]=20
> } [, ...]
> OWNER role
This seems to ignore the problem that different types of objects have
different privileges. E.g., if I want to grant USAGE on all sequences
that doesn't necessarily mean I want to grant USAGE on all languages.
> When not-null the 'nspdefowner' would be the owner of all
> objects created in the schema.
Whoa. You are going to allow people to create objects owned by someone
else? I don't think so ... most Unix systems have forbidden object
give-away for years, for very good reasons.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joshua D. Drake | 2007-01-23 05:30:25 | Re: [HACKERS] Win32 WEXITSTATUS too |
| Previous Message | Joshua D. Drake | 2007-01-23 05:06:10 | Re: Updateable cursors |