Re: Allow GRANT/REVOKE permissions to be applied to all schema

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: josh(at)agliodbs(dot)com
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Allow GRANT/REVOKE permissions to be applied to all schema
Date: 2005-02-01 17:34:10
Message-ID: 15759.1107279250@sss.pgh.pa.us
Lists: pgsql-hackers
Josh Berkus <josh(at)agliodbs(dot)com> writes:
> The problem with this approach is it leaves us with no way to REVOKE 
> permissions on a specific table from a user who has permissions on the 
> SCHEMA.  Our permissions model is completely additive, so if you did:

Why is that a problem?  The complaint seems about analogous to saying
we should not have groups because you can't REVOKE rights from an
individual user if he has them via a group membership.

> And overall, I'd think it would make the feature a *lot* less useful; 
> basically it would encourage a lot of DBAs to organize their schemas by 
> security level, which is not really what schemas are for.

Why would this mechanism encourage that more than the other one would?

			regards, tom lane
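
The group analogy above, as an added example that is not part of the original message: a privilege held through group membership survives a REVOKE aimed at the individual, because the model is additive. It assumes a current PostgreSQL release with roles (9.5 or later for `regrole`); the names staff, alice and payroll are constructed.

```sql
-- Constructed names throughout: roles staff and alice, table payroll.
-- Run as a role that may create roles; ROLLBACK leaves nothing behind.
BEGIN;

CREATE ROLE staff NOLOGIN;
CREATE ROLE alice NOLOGIN IN ROLE staff;      -- alice is a member of staff
CREATE TABLE payroll (id int, salary numeric);
GRANT SELECT ON payroll TO staff;             -- the only grant on the table

-- Effective privilege: alice's access comes through staff.
SELECT has_table_privilege('alice', 'payroll', 'SELECT') AS alice_can_select;

-- There is no ACL entry for alice, so this REVOKE has nothing to remove.
REVOKE SELECT ON payroll FROM alice;
SELECT has_table_privilege('alice', 'payroll', 'SELECT') AS alice_can_select;

-- Audit view: direct ACL entries next to the members who inherit them.
SELECT a.grantee::regrole AS granted_to,
       a.privilege_type,
       m.member::regrole  AS inherited_by
FROM pg_class c
CROSS JOIN LATERAL aclexplode(c.relacl) AS a
LEFT JOIN pg_auth_members m ON m.roleid = a.grantee
WHERE c.oid = 'payroll'::regclass;

-- Access is removed at the level where it was granted: the membership
-- (or the group's grant), not the individual.
REVOKE staff FROM alice;
SELECT has_table_privilege('alice', 'payroll', 'SELECT') AS alice_can_select;

ROLLBACK;
```

When reviewing who can read a table, check effective privileges with `has_table_privilege` rather than reading the table's ACL alone, since the ACL lists only direct grantees.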
