Josh Berkus <josh(at)agliodbs(dot)com> writes:
> The problem with this approach is it leaves us with no way to REVOKE
> permissions on a specific table from a user who has permissions on the
> SCHEMA. Our permissions model is completely additive, so if you did:
Why is that a problem? The complaint seems about analogous to saying
we should not have groups because you can't REVOKE rights from an
individual user if he has them via a group membership.
> And overall, I'd think it would make the feature a *lot* less useful;
> basically it would encourage a lot of DBAs to organize their schemas by
> security level, which is not really what schemas are for.
Why would this mechanism encourage that more than the other one would?
regards, tom lane
In response to
pgsql-hackers by date
|Next:||From: Joshua D. Drake||Date: 2005-02-01 18:06:44|
|Subject: Re: float4 regression test failed on linux parisc|
|Previous:||From: Ron Mayer||Date: 2005-02-01 17:12:17|
|Subject: Re: Patent issues and 8.1|