From: | "Scott Marlowe" <scott(dot)marlowe(at)gmail(dot)com> |
---|---|
To: | "Craig Ringer" <craig(at)postnewspapers(dot)com(dot)au> |
Cc: | alvarezp(at)alvarezp(dot)ods(dot)org, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Per-user schemas with inherited skeleton. |
Date: | 2009-01-08 07:09:08 |
Message-ID: | dcc563d10901072309xd90f000wf8b5ea5d100331c8@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Wed, Jan 7, 2009 at 11:39 PM, Craig Ringer
<craig(at)postnewspapers(dot)com(dot)au> wrote:
> Scott Marlowe wrote:
>
>>>> Is there a way to let PostgreSQL to allow inherited tables to be owned
>>>> by different roles?
>>>
>>> Not that I know of, and given the security implications I'd be a bit
>>> nervous
>>> about it unless it was done via an explicitly GRANTed right.
>>
>> I hope here you're meaning to have tables that are inheritable by
>> various non-role members. It works as long as everyone's in the same
>> group role with the right permissions. Since you'd have to change
>> ownership to the group role for the parent table, everyone would, in
>> effect, own it now. But if you wanna do it...
>
> That's right - I refer to inheritance by a user that's not a member of the
> role that owns the table.
>
> If the inheriting users *are* a member of the owning role of the parent
> table, then they can select and update the shared-structure part of OTHER
> users' records via the parent table, as well as their own. IIRC they can
> delete other users records via the parent table, too. Not ideal if the
> various users are supposed to be blind to each others' data, as appears to
> be the case here.
Also alter table gets locked by the child tables. If stan, a member
of sharing, tries to change the inherited table top, which user ted
has inherited, he gets an error saying he has to have alter perms on
ted's table.
From | Date | Subject | |
---|---|---|---|
Next Message | Mayuresh Nirhali | 2009-01-08 07:30:07 | Error: column "host" does not exist |
Previous Message | Scott Marlowe | 2009-01-08 07:06:52 | Re: Per-user schemas with inherited skeleton. |