| From: | Neil Conway <nconway(at)klamath(dot)dyndns(dot)org> |
|---|---|
| To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | mail(at)joeconway(dot)com, peter_e(at)gmx(dot)net, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Sequence privileges |
| Date: | 2002-05-19 00:00:00 |
| Message-ID: | 20020518200000.43b0b36e.nconway@klamath.dyndns.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, 18 May 2002 19:45:30 -0400
"Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Joe Conway <mail(at)joeconway(dot)com> writes:
> > Since the sequence-specific operations are really just function calls,
> > maybe it should be:
> > SELECT: read sequence as a table
> > EXECUTE: all sequence-specific operations.
>
> But is it worth creating a compatibility problem for? Existing pg_dump
> scripts are likely to GRANT UPDATE. They certainly won't say GRANT
> EXECUTE since that doesn't even exist in current releases.
>
> I agree that EXECUTE (or some sequence-specific permission name we might
> think of instead) would be logically cleaner, but I don't think it's
> worth the trouble of coming up with a compatibility workaround.
Well, one possible compatibility workaround would be trivial -- we could
hack GRANT so that doing GRANT UPDATE on sequence relations is
translated into GRANT EXECUTE.
As for whether it's worth the bother, I'm not sure -- neither
solution strikes me as particularly clean.
Cheers,
Neil
--
Neil Conway <neilconway(at)rogers(dot)com>
PGP Key ID: DB3C29FC
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tatsuo Ishii | 2002-05-19 00:03:11 | Re: Set-returning function syntax |
| Previous Message | Tom Lane | 2002-05-18 23:45:30 | Re: Sequence privileges |