Re: GRANT ON ALL IN schema

From: Petr Jelinek <pjmodos(at)pjmodos(dot)net>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: GRANT ON ALL IN schema
Date: 2009-06-17 14:31:05
Message-ID: 4A38FE29.5030205@pjmodos.net
Lists: pgsql-hackers

Peter Eisentraut wrote:
> I think you should design this with a bit wider scope. Instead of just "all
> tables in this schema", think "all tables satisfying some condition". It has
> been requested, for example, to be able to grant on all tables that match a
> pattern.
>
Well, that's certainly possible to do. But I am not sure what kind of
conditions (besides the name), nor do I see any sane grammar for this
(maybe something like GRANT SELECT ON TABLE WHERE NAME LIKE '%foo' but
that's far too weird). That "all tables in this schema" thing was agreed on
on this mailing list and put on TODO so I thought it's something people
want in this form (I know I needed it myself).

> As far as GRANT is concerned, a view is a table, so I would omit the
> VIEW/VIEWS stuff completely.
>
This may be true for the underlying implementation and for granting
permissions to a single object, but you might want to grant select on
all views without granting it to all tables in the schema. And as I said
having VIEWS and not VIEW just seems weird. Also I don't see why you
would want to add the possibility of specifying stricter conditions for
objects and at the same time remove the possibility of distinguishing
between tables and views.

--
Regards
Petr Jelinek (PJMODOS)
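
The following is an added example, not part of the original message and not code from the PostgreSQL project. It shows the catalog-query way to get the effect discussed above (SELECT on the views of one schema whose names match a pattern, without touching the tables) by generating one GRANT per object. The schema name `reporting` and the role `report_reader` are constructed placeholders; the `'%foo'` pattern is the one used in the message.

```sql
-- Constructed example: "reporting" and "report_reader" are placeholders.
-- Emits one GRANT statement per matching view so the list can be reviewed
-- before it is executed; nothing is granted by running this query itself.
SELECT 'GRANT SELECT ON '
       || quote_ident(n.nspname) || '.' || quote_ident(c.relname)
       || ' TO ' || quote_ident('report_reader') || ';' AS grant_stmt
FROM pg_catalog.pg_class AS c
JOIN pg_catalog.pg_namespace AS n
  ON n.oid = c.relnamespace
WHERE n.nspname = 'reporting'      -- restrict to a single schema
  AND c.relkind = 'v'              -- 'v' = view; 'r' would select ordinary tables
  AND c.relname LIKE '%foo'        -- name condition from the message
ORDER BY c.relname;
```

Because the statements are generated from the catalog at one point in time, objects created later are not covered and the query has to be re-run for them.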
