Re: Allow GRANT/REVOKE permissions to be applied to all schema objects with one command

Matthias wrote:
> I think it is best to code the basic functionallity within the two new
> commands, and see
> how this works out. We can add your idea and others on top of it later
> on.

I think you should do whatever you think is most
appropriate...discussion can of course continue after you have a
workable patch...I'm just a pundit anyways...

Just for your consideration though:

Is this:
GRANT SELECT ON ALL TABLES IN public TO phpuser;
GRANT SELECT ON NEW TABLES IN public TO phpuser;

Really better than this?
GRANT { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER
| EXECUTE | CREATE | ALL [ PRIVILEGES ] } ON SCHEMA schemaname [,
...]
TO { username | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT
OPTION ]

A table or function privilege, if it exists, will override anything for
the table. This will be faster (FWIW) than a multiple table grant
because it's just setting one permission at the schema level. Someone
else will have to comment on how effectively this will work with
existing implementation, however.

For example, granting 'select' to a schema (which currently is
impossible) solves both the 'all'/'new' problem...it implicitly adds
select privileges to all current tables and new ones...is there really
any reason to distinguish between the two cases? This is simple and
effective, IMO.

Good luck,
Merlin