Re: Granting permission on a sequence to a group

From: "Walker, Jed S" <Jed_Walker(at)cable(dot)comcast(dot)com>
To: 'Bruno Wolff III' <bruno(at)wolff(dot)to>
Cc: "'pgsql-novice(at)postgresql(dot)org'" <pgsql-novice(at)postgresql(dot)org>
Subject: Re: Granting permission on a sequence to a group
Date: 2005-04-22 16:47:06
Message-ID: 41669DC6FE3B80449A33A4DD46DB370A09E7EAFE@entcoexch15.broadband.att.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-novice

That seems like a good way to handle it. Thanks for the info!

-----Original Message-----
From: Bruno Wolff III [mailto:bruno(at)wolff(dot)to]
Sent: Friday, April 22, 2005 9:14 AM
To: Walker, Jed S
Cc: 'pgsql-novice(at)postgresql(dot)org'
Subject: Re: Granting permission on a sequence to a group

On Fri, Apr 22, 2005 at 08:29:35 -0600,
"Walker, Jed S" <Jed_Walker(at)cable(dot)comcast(dot)com> wrote:
> correct way to do this I'd appreciate it.
>
> Since a sequence in postgres is actually a table, I realized that to
> pull a value off and have it increment you must be able to update the
> table. So I granted select and update on the sequence to the group,
> and now the user's in the group are able to use nextval().
>
> Is this definitely the correct way to handle this?
>
> The thing I really don't like about this is that now the user's in
> that group can perform setval() on the sequence! That's seem like a big
risk.
>
> If someone can confirm my solution or give me the proper way to do
> this I would greatly appreciate it.

This has been discussed in the past. My memory is that people were amenable
to using INSERT to give access to nextval and UPDATE to give access to
setval. But I don't think anyone volunteered to do this.

Browse pgsql-novice by date

  From Date Subject
Next Message Van Ingen, Lane 2005-04-22 16:59:55 Re: CHECK Constraints
Previous Message Bruno Wolff III 2005-04-22 16:37:05 Re: CHECK Constraints