| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
| Cc: | Petr Jelinek <pjmodos(at)pjmodos(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: GRANT ON ALL IN schema |
| Date: | 2009-07-07 15:16:35 |
| Message-ID: | 7045.1246979795@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Simon Riggs <simon(at)2ndQuadrant(dot)com> writes:
> I would like to see
> GRANT ... ON ALL OBJECTS ...
This seems inherently broken, since different types of objects
will have different grantable privileges.
> (I'm sure we can do something intelligent with privileges that don't
> apply to all object types rather than just fail. e.g. UPDATE privilege
> should be same as USAGE on a sequence.)
Anything you do in that line will be an ugly kluge, and will tend to
encourage insecure over-granting of privileges (ie GRANT ALL ON ALL
OBJECTS ... what's the point of using permissions at all then?)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2009-07-07 15:19:57 | Re: *_collapse_limit, geqo_threshold |
| Previous Message | Robert Haas | 2009-07-07 15:11:49 | Re: *_collapse_limit, geqo_threshold |