| From: | "John D(dot) Burger" <john(at)mitre(dot)org> |
|---|---|
| To: | "pgsql-general postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Anticipatory privileges |
| Date: | 2007-02-17 16:33:56 |
| Message-ID: | 773D21A2-92D0-45EC-A9AD-91FB566E6691@mitre.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Alvaro Herrera wrote:
>> If I am reading the (7.4) docs correctly, privileges can be granted
>> only with respect to tables that exist at the time the GRANT command
>> is given
> Yes.
In fact, I have to individually grant access to each table, and any
associated sequences, yes? How dangerous is it to UPDATE pg_class
directly, perhaps copying the relacl column for a table that I've
done by hand with GRANT. I'm thinking something like this:
=> grant all on annotations to public;
=> update pg_class set relacl = (select relacl from pg_class where
relname = 'annotations')
where relnamespace = (select oid from pg_namespace where nspname =
'public');
This will "grant" access to indexes and other stuff that may be
unnecessary, but is this a sound approach? (By the way, are there in
fact any other kinds of objects that I may need to allow access to,
other than tables and sequences?)
Another solution to my access control issues is to change the owner
of the tables and sequences. Can I safely do this with an UPDATE on
pg_class?
Thanks, and sorry if these are dumb questions, but I haven't been
able to glean the answers directly from the docs.
- John Burger
MITRE
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-02-17 16:57:30 | Re: Anticipatory privileges |
| Previous Message | Gabriel Colina | 2007-02-17 16:12:31 | QNX, RTOS y Postgres |