Re: Schema (namespace) privilege details - Mailing list pgsql-hackers

From Oliver Elphick
Subject Re: Schema (namespace) privilege details
Date
Msg-id 1019180956.32076.389.camel@linda
Whole thread Raw
In response to Re: Schema (namespace) privilege details  (Joe Conway <mail@joeconway.com>)
List pgsql-hackers
On Fri, 2002-04-19 at 02:24, Joe Conway wrote:
> I like this general idea and syntax. But it seems awkward to have to
> have the privilege granted twice. What about:
>
>      GRANT CREATE SCHEMA [IN { database | ALL }] TO user | PUBLIC
>      REVOKE CREATE SCHEMA [IN { database | ALL }] FROM user | PUBLIC

I would naturally interpret granting permission IN ALL to mean that the
user would certainly be allowed permission in all databases, whereas it
ought to be clear that the permission given is only hypothetical and
subject to permission's being granted for a specific database.

> where lack of the IN clause implies the current database, and ALL
> implies a system-wide grant/revoke. System-wide could only be issued by
> a superuser, while a specific database command could be issued by the DB
> owner or a superuser.

--
Oliver Elphick                                Oliver.Elphick@lfix.co.uk
Isle of Wight                              http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839  932A 614D 4C34 3E1D 0C1C
    "For I am persuaded, that neither death, nor life, nor      angels, nor principalities, nor powers, nor things
present,nor things to come, nor height, nor depth,      nor any other creature, shall be able to separate us      from
thelove of God, which is in Christ Jesus our      Lord."     Romans 8:38,39  

pgsql-hackers by date:

Previous
From: Joe Conway
Date:
Subject: Re: Schema (namespace) privilege details
Next
From: "Rod Taylor"
Date:
Subject: Re: Schema (namespace) privilege details