Re: GRANT ON ALL IN schema

From: Abhijit Menon-Sen <ams(at)toroid(dot)org>
To: pgsql-hackers(at)postgresql(dot)org
Cc: Petr Jelinek <pjmodos(at)pjmodos(dot)net>
Subject: Re: GRANT ON ALL IN schema
Date: 2009-09-20 14:50:11
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

(This is a partial review of the grantonall-20090810v2.diff patch posted
by Petr Jelinek on 2009-08-10 (hi PJMODOS!). See
for the original message.)

I have not yet been able to do a complete review of this patch, but I am
posting this because I'll be travelling for a week starting tomorrow. My
comments are based mostly on reading the patch, and not on any intensive
testing of the feature. I have left the patch status unchanged at "needs
review", although I think it's close to "ready for committer".

I really like this patch. It's easy to understand and written in a very
straightforward way, and addresses a real need that comes up time and
again on various support fora. I have only a couple of minor comments.

1. The patch did apply to HEAD and build cleanly, but there are now a
couple of minor (documentation) conflicts. (Sorry, I would have fixed
them and reposted a patch, but I'm running out of time right now.)

> *** a/doc/src/sgml/ref/grant.sgml
> --- b/doc/src/sgml/ref/grant.sgml
> [...]
> <para>
> + There is also the possibility of granting permissions to all objects of
> + given type inside one or multiple schemas. This functionality is supported
> + for tables, views, sequences and functions and can done by using
> + ALL {TABLES|SEQUENCES|FUNCTIONS} IN SCHEMA schemaname syntax in place
> + of object name.
> + </para>
> +
> + <para>

2. Here I suggest the following wording:

You can also grant permissions on all tables, sequences, or
functions that currently exist within a given schema by specifying
an object name.

3. I believe MySQL's "grant all privileges on foo.* to someone" grants
privileges on all existing objects in foo _but also_ on any objects
that may be created later. This patch only gives you a way to grant
privileges only on the objects currently within a schema. I strongly
prefer this behaviour myself, but I do think the documentation needs
a brief mention of this fact, to avoid surprising people. That's why
I added "that currently exist" to (2), above. Maybe another sentence
that specifically says that objects created later are unaffected is
in order. I'm not sure.

-- ams

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Pavel Stehule 2009-09-20 15:25:25 Re: Anonymous code blocks
Previous Message Ron Mayer 2009-09-20 13:21:38 Re: updated hstore patch