Skip site navigation (1) Skip section navigation (2)

Re: GRANT ON ALL IN schema

From: Abhijit Menon-Sen <ams(at)toroid(dot)org>
To: pgsql-hackers(at)postgresql(dot)org
Cc: Petr Jelinek <pjmodos(at)pjmodos(dot)net>
Subject: Re: GRANT ON ALL IN schema
Date: 2009-09-20 14:50:11
Message-ID: 20090920145011.GA24273@toroid.org (view raw or flat)
Thread:
Lists: pgsql-hackers
(This is a partial review of the grantonall-20090810v2.diff patch posted
by Petr Jelinek on 2009-08-10 (hi PJMODOS!). See
http://archives.postgresql.org/message-id/4A7F5853.5010506@pjmodos.net
for the original message.)

I have not yet been able to do a complete review of this patch, but I am
posting this because I'll be travelling for a week starting tomorrow. My
comments are based mostly on reading the patch, and not on any intensive
testing of the feature. I have left the patch status unchanged at "needs
review", although I think it's close to "ready for committer".

I really like this patch. It's easy to understand and written in a very
straightforward way, and addresses a real need that comes up time and
again on various support fora. I have only a couple of minor comments.

1. The patch did apply to HEAD and build cleanly, but there are now a
   couple of minor (documentation) conflicts. (Sorry, I would have fixed
   them and reposted a patch, but I'm running out of time right now.)

> *** a/doc/src/sgml/ref/grant.sgml
> --- b/doc/src/sgml/ref/grant.sgml
> [...]
> 
>     <para>
> +    There is also the possibility of granting permissions to all objects of
> +    given type inside one or multiple schemas. This functionality is supported
> +    for tables, views, sequences and functions and can done by using
> +    ALL {TABLES|SEQUENCES|FUNCTIONS} IN SCHEMA schemaname syntax in place
> +    of object name.
> +   </para>
> + 
> +   <para>

2. Here I suggest the following wording:

    <para>
    You can also grant permissions on all tables, sequences, or
    functions that currently exist within a given schema by specifying
    "ALL {TABLES|SEQUENCES|FUNCTIONS} IN SCHEMA schemaname" in place of
    an object name.
    </para>

3. I believe MySQL's "grant all privileges on foo.* to someone" grants
   privileges on all existing objects in foo _but also_ on any objects
   that may be created later. This patch only gives you a way to grant
   privileges only on the objects currently within a schema. I strongly
   prefer this behaviour myself, but I do think the documentation needs
   a brief mention of this fact, to avoid surprising people. That's why
   I added "that currently exist" to (2), above. Maybe another sentence
   that specifically says that objects created later are unaffected is
   in order. I'm not sure.

-- ams

In response to

Responses

pgsql-hackers by date

Next:From: Pavel StehuleDate: 2009-09-20 15:25:25
Subject: Re: Anonymous code blocks
Previous:From: Ron MayerDate: 2009-09-20 13:21:38
Subject: Re: updated hstore patch

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group