| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Kris Jurka <books(at)ejurka(dot)com> |
| Cc: | Shridhar Daithankar <shridhar(at)frodo(dot)hserus(dot)net>, Alexander Priem <ap(at)cict(dot)nl>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Grant / Revoke functionality |
| Date: | 2004-02-19 06:34:46 |
| Message-ID: | 29423.1077172486@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Kris Jurka <books(at)ejurka(dot)com> writes:
> On Wed, 18 Feb 2004, Shridhar Daithankar wrote:
>> You can use schemas. Just put everything under schema and grant user
>> rights to the schema...
> This is not accurate. The only schema level permissions are CREATE and
> USAGE they are independent of the permissions on the objects contained
> within. He would still need to grant access to the underlying objects.
Right, but he could grant the required rights to PUBLIC and rely on
schema-level USAGE to control whether particular users can actually
get at particular objects. It'd be a pretty coarse-grained structure,
but it might be good enough.
Personally I'd suggest looking at using groups ...
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alex | 2004-02-19 06:51:57 | VACUUM Question |
| Previous Message | Kris Jurka | 2004-02-19 05:35:33 | Re: Grant / Revoke functionality |