From: | Kris Jurka <books(at)ejurka(dot)com> |
---|---|
To: | Andreas Pflug <pgadmin(at)pse-consulting(dot)de> |
Cc: | Edgar Mares <edgarmaf(at)ife(dot)org(dot)mx>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: grants |
Date: | 2004-03-11 06:13:28 |
Message-ID: | Pine.BSO.4.56.0403110108440.101@leary.csoft.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, 10 Mar 2004, Andreas Pflug wrote:
> Kris Jurka wrote:
>
> >On Wed, 10 Mar 2004, Andreas Pflug wrote:
> >
> >The problem that cannot be solved with either this or a function that
> >loops and grants on each table is that it is not a permanent grant of what
> >the admin had in mind. If a new table is added or an existing table is
> >dropped and recreated, the grants must be done again. The real use of a
> >SELECT ANY TABLE permission is ignorance of schema updates.
> >
> >
> Hm, does this exist in other DBMS?
> As soon as roles are implemented, there might be a default role
> ('public') for this. Until then, using groups solves most of the
> problems (well, you certainly still need to GRANT rights to your
> preferred group).
>
Groups help, but only if you want to GRANT to more than one user, and you
still need to do it on after schema changes. I know this is implemented
in at least Oracle, SELECT ANY TABLE is in fact the permission
name used.
Kris Jurka
From | Date | Subject | |
---|---|---|---|
Next Message | Dennis Bjorklund | 2004-03-11 06:20:00 | Re: unsafe floats |
Previous Message | Tom Lane | 2004-03-11 06:04:49 | Re: How to get RelationName ?? |