Skip site navigation (1) Skip section navigation (2)

Re: Schema security

From: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
To: Paul Lambert <paul(dot)lambert(at)reynolds(dot)com(dot)au>
Cc: pgsql admin <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Schema security
Date: 2007-12-13 18:49:22
Message-ID: (view raw or whole thread)
Lists: pgsql-admin
Hash: SHA1

On Thu, 13 Dec 2007 14:55:53 +0900
Paul Lambert <paul(dot)lambert(at)reynolds(dot)com(dot)au> wrote:
> > The analogy to think about is that usage privilege on a schema is
> > comparable to read access on a directory.  That doesn't necessarily
> > give you access to any single file in the directory --- but lack of
> > it does ensure you cannot get to those files.
> > 
> > 			regards, tom lane

> Point taken and yes, I would agree that default behavior should be to 
> not give priviledges to anything other than the explicitly defined 
> object - but would it not be a good idea to provide some sort of 
> cascade/recurse option to granting/revoking privileges so that doing
> so on a container object results in the priviledges being propogated
> down the line for the cases where such is desired?

Yes and it has been oft requested. However :), nobody has coded a patch
or submitted a proposal on how it would be done in a maintainable

> Taking your example of file permissions - although it is not default 
> behavior, it is possible to recursively apply a priviledge change to
> a directory onto files/subdirectories within it. Certainly it can be
> done on OpenVMS and Windows that I work with primarily and I'm 99%
> sure it can be done on *ix systems too.

Yes *ix can do it to.


Joshua D. Drake 

- -- 
The PostgreSQL Company: Since 1997, 
Sales/Support: +1.503.667.4564   24x7/Emergency: +1.800.492.2240
Donate to the PostgreSQL Project:
SELECT 'Training', 'Consulting' FROM vendor WHERE name = 'CMD'

Version: GnuPG v1.4.6 (GNU/Linux)


In response to

pgsql-admin by date

Next:From: Tena SakaiDate: 2007-12-13 19:33:56
Subject: reading pg_stat_activity view
Previous:From: Ivo RossacherDate: 2007-12-13 18:32:39
Subject: Re: odbc problem on Japanese windows machine

Privacy Policy | About PostgreSQL
Copyright © 1996-2015 The PostgreSQL Global Development Group