Postgres Pro
Downloads
Home   >   mailing lists

Re: GRANT ON ALL IN schema - Mailing list pgsql-hackers

From Pavel Stehule
Subject Re: GRANT ON ALL IN schema
Date
Msg-id 162867790908061143u5764161codbc3381edd6a1888@mail.gmail.com
Whole thread Raw
In response to Re: GRANT ON ALL IN schema  (Stephen Frost <sfrost@snowman.net>)
List pgsql-hackers
Tree view 
>
> \cmd grant select on * to user
>

when I wrote epsql I implemented \fetchall metastatement.
http://okbob.blogspot.com/2009/03/experimental-psql.html

It's should be used for GRANT

DECLARE x CURSOR FOR SELECT * FROM information_schema.tables ....
\fetchall x GRANT ALL ON :table_name TO public;

CLOSE x;

regards
Pavel Stehule

> Of course, our new psql * handling would mean this would grant
> select on everything in pg_catalog too, at least if we do the same as
> \d *
>
> I've got a simple perl script which does this, and I know others have
> pl/pgsql functions and the like for doing it.  Adding that capability to
> psql, if we can do it cleanly, would be nice.
>
> Adding some kind of 'run-multiple' stored proc is an interesting idea
> but I'm afraid the users this is really targetting aren't going to
> appreciate or understand something like:
>
> select
>  cmd('grant select on '
>   || quote_ident(nspname)
>   || '.'
>   || quote_ident(relname)
>   || ' to public')
> from pg_class
> join pg_namespace on (pg_class.nspoid = pg_namespace.oid)
> where pg_namespace.nspname = 'myschema';
>
> Writing a function which takes something like:
> select grant('SELECT','myschema','*','role');
> or takes any kind of actual syntax like:
> select cmd('grant select on * to role');
> just strikes me as forcing users to use a function for the sake of it
> being a function.
>
> I really feel like we should be able to take a page from the unix book
> here and come up with some way to handle wildcards in certain
> statements, ala chmod.
>
> grant select on * to role;
> grant select on myschema.* to role;
> grant select on ab* to role;
>
> We don't currently allow "*" in GRANT syntax, and I strongly doubt that
> the SQL committee will some day allow it AND make it mean something
> different.  If we're really that worried about it, we could have
> 'GRANTALL' or 'MGRANT' or something.
>
>        Thanks,
>
>                Stephen
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEARECAAYFAkp69McACgkQrzgMPqB3kii3wQCfUweO4zEIjg2aLd84hxlYGgT1
> pqAAnAnT4FlJkIZ6K3YMjQaCOj3Hww7H
> =iUXy
> -----END PGP SIGNATURE-----
>
>

pgsql-hackers by date:

Previous
From: decibel
Date:
Subject: Re: GRANT ON ALL IN schema
Next
From: Josh Berkus
Date:
Subject: Re: Table and Index compression