| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Nikhil Sontakke <nikhil(dot)sontakke(at)enterprisedb(dot)com>, Petr Jelinek <pjmodos(at)pjmodos(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: GRANT ON ALL IN schema |
| Date: | 2009-08-05 16:59:52 |
| Message-ID: | 21246.1249491592@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> ... bulk-grant could be based on object type,
> object name (with wildcard or regexp pattern), schema membership, or
> maybe other things, and I think that would be quite useful if we can
> figure out how to make it clean and elegant.
Yeah. In the end you can always write a plpgsql function that filters
on anything at all. The trick is to pick some useful subset of
functionality that can be exposed in a less messy way.
Or maybe we are going at this the wrong way? Would it be better to try
harder to support the write-a-plpgsql-function approach? I don't think
the documentation even mentions that approach, let alone provides any
concrete examples. It might be interesting to document it and see if
there are any simple things we could do to file off rough edges in doing
grants that way, rather than implementing what must ultimately be a
limited solution directly in GRANT.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sam Mason | 2009-08-05 17:13:11 | Re: the case for machine-readable error fields |
| Previous Message | Robert Haas | 2009-08-05 16:51:41 | Re: GRANT ON ALL IN schema |