| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Privileges |
| Date: | 2010-04-19 23:26:26 |
| Message-ID: | 8388.1271719586@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Simon Riggs <simon(at)2ndQuadrant(dot)com> writes:
> There is a command to set privileges
> GRANT SELECT ON ALL TABLES IN SCHEMA foo TO PUBLIC;
> and a command to set default privileges
> ALTER DEFAULT PRIVILEGES IN SCHEMA foo
> GRANT SELECT ON TABLES TO PUBLIC;
> In the first command the ALL is required, whereas in the second command
> the ALL must be absent.
> ISTM that the ALL should be optional in both cases.
I don't believe this is a good idea. ALL in the second statement would
give a completely misleading impression, because it does *not* grant
privileges on all tables, in particular it doesn't affect existing
tables. Conversely, leaving out ALL in the first statement would limit
our flexibility to insert additional options there in future. (ALL is a
fully reserved word, TABLES isn't, so your proposal greatly increases
the odds of future syntactic conflicts.)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2010-04-19 23:26:41 | Re: Thoughts on pg_hba.conf rejection |
| Previous Message | Tom Lane | 2010-04-19 23:18:57 | Re: Thoughts on pg_hba.conf rejection |