| From: | "Merlin Moncure" <merlin(dot)moncure(at)rcsonline(dot)com> |
|---|---|
| To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "PostgreSQL-development" <pgsql-hackers(at)postgresql(dot)org>, "Matthias Schmidt" <schmidtm(at)mock-software(dot)de> |
| Subject: | Re: Allow GRANT/REVOKE permissions to be applied to all schema objects with one command |
| Date: | 2005-01-31 14:59:20 |
| Message-ID: | 6EE64EF3AB31D5448D0007DD34EEB3412A75FA@Herge.rcsinc.local |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> Josh's last suggestion (ALL TABLES IN someschema) seems to me to be a
> reasonable compromise between usefulness, syntactic weirdness, and
> hiding implementation details.
Maybe it is not necessary to extend the syntax to distinguish between
the two cases. Maybe it's worth considering to have newly created
tables/functions automatically 'GRANTED' with permissions set at the
schema level. This could perhaps by guarded with GUC variable to
preserve compatibility with previous versions. That way people like me
who prefer this behavior can just set security at the schema level which
is what we want.
In the event that the schema security changes, I don't mind having to
issue one of Matthias's beefed up GRANTS to get everything right.
This removes confusion and allows more freedom to tinker with the GRANT
sytax. Plus, it makes having to mess with the system tables/views less
likely, IMO.
Merlin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2005-01-31 15:01:19 | Re: Two-phase commit for 8.1 |
| Previous Message | a_ogawa | 2005-01-31 14:38:01 | FunctionCallN improvement. |