Re: Additional role attributes && superuser review

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Simon Riggs <simon(at)2ndQuadrant(dot)com>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Petr Jelinek <petr(at)2ndquadrant(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Additional role attributes && superuser review
Date: 2014-10-16 21:02:30
Message-ID: 20141016210230.GM28859@tamriel.snowman.net
Lists: pgsql-hackers

* Simon Riggs (simon(at)2ndQuadrant(dot)com) wrote:
> On 16 October 2014 20:37, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>
> >> How about
> >>
> >> GRANT EXECUTE [PRIVILEGES] ON CAPABILITY foo TO bar;
> >>
> >> That is similar to granting execution privs on a function. And I think
> >> gets round the keyword issue?
> >
> > No, it doesn't.. EXECUTE isn't reserved at all.
>
> Yet GRANT EXECUTE is already valid syntax, so that should work.

Yeah, sorry, the issue with the above is that the "ON CAPABILITY" would
mean CAPABILITY needs to be reserved as otherwise we don't know if it's
a function or something else.

The keyword issue is with

GRANT <something> TO <role>;

As <something> could be a role.

Not sure offhand if

GRANT EXECUTE PRIVILEGES ON CAPABILITY foo TO bar;

would work.. In general, I'm not anxious to get involved in the
SQL-specified GRANT syntax though unless there's really good reason to.

Also, these aren't like normally granted privileges which can have an
ADMIN option and which are inherited through role membership..

Thanks,

Stephen
