Re: GRANT ON ALL IN schema

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org, Petr Jelinek <pjmodos(at)pjmodos(dot)net>
Subject: Re: GRANT ON ALL IN schema
Date: 2009-06-17 14:09:04
Message-ID: 20090617140904.GL20436@tamriel.snowman.net
Lists: pgsql-hackers

Peter,

* Peter Eisentraut (peter_e(at)gmx(dot)net) wrote:
> > Also since this patch introduces VIEWS as object with grantable
> > privileges, I added GRANT ON VIEW foo syntax which is more or less
> > synonymous to GRANT ON TABLE foo syntax. It felt weird to have GRANT ON
> > ALL VIEWS but not GRANT ON VIEW.
>
> As far as GRANT is concerned, a view is a table, so I would omit the
> VIEW/VIEWS stuff completely.

I would disagree with this. While an explicit GRANT doesn't need to
care, because you can't have a view and a table with the same name, I
feel *users* (like me) make a distinction there and may want to limit
the grant to just views or just tables.

What we do here will also impact the DefaultACL system that I'm working
on since I think we should be consistent between these two systems.

http://wiki.postgresql.org/wiki/DefaultACL

I don't like the idea that a 'GRANT ALL' would actually change default
ACLs for a schema though. These are two separate and distinct things-
one is implementing a change to existing objects, the other is setting a
default for new objects. Mixing them would lead to confusion.

Thanks,

Stephen
