Re: Anticipatory privileges - Mailing list pgsql-general

From Tom Lane
Subject Re: Anticipatory privileges
Date
Msg-id 19787.1171731450@sss.pgh.pa.us
In response to Re: Anticipatory privileges  ("John D. Burger" <john@mitre.org>)
Responses Re: Anticipatory privileges  ("John D. Burger" <john@mitre.org>)
List pgsql-general
"John D. Burger" <john@mitre.org> writes:
> How dangerous is it to UPDATE pg_class
> directly, perhaps copying the relacl column for a table that I've
> done by hand with GRANT.

You can do it, and it will seem to work.  However, unless you also make
entries in pg_shdepend, bad things will happen if you later drop any of
the users mentioned in the ACL.  Your code will also be vulnerable to
breakage in future releases if we change any of these details.

A better approach is to write a plpgsql function that assembles and
EXECUTEs the required GRANT commands.

            regards, tom lane
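
One way to write the kind of function suggested above, as an added example that is not part of the original message or of PostgreSQL itself: it reads the ACL of a table that was set up by hand and re-issues each entry as a real GRANT on another table, so the server records the pg_shdepend entries itself. The function name `copy_table_grants` and the table names in the usage comment are hypothetical, and the code assumes a PostgreSQL release that provides `aclexplode()`, `format()` and `LATERAL`.

```sql
-- Added example (hypothetical helper): replay table-level grants from src onto dst.
-- Column-level grants (pg_attribute.attacl) are not copied.
CREATE OR REPLACE FUNCTION copy_table_grants(src regclass, dst regclass)
RETURNS integer
LANGUAGE plpgsql
AS $$
DECLARE
    acl record;
    issued integer := 0;
BEGIN
    FOR acl IN
        SELECT a.grantee, a.privilege_type, a.is_grantable
        FROM pg_class AS c
        CROSS JOIN LATERAL aclexplode(c.relacl) AS a
        WHERE c.oid = src
          AND a.grantee <> c.relowner      -- the owner's own entry is not a grant to copy
    LOOP
        -- privilege_type is a keyword produced by the server, dst is a regclass
        -- (rendered as a quoted, schema-qualified name), and the role name is
        -- passed through quote_ident(), so no caller-supplied text reaches
        -- EXECUTE unquoted.
        EXECUTE format(
            'GRANT %s ON TABLE %s TO %s%s',
            acl.privilege_type,
            dst,
            CASE WHEN acl.grantee = 0              -- OID 0 in an ACL means PUBLIC
                 THEN 'PUBLIC'
                 ELSE quote_ident(pg_get_userbyid(acl.grantee))
            END,
            CASE WHEN acl.is_grantable THEN ' WITH GRANT OPTION' ELSE '' END
        );
        issued := issued + 1;
    END LOOP;

    -- A NULL relacl (no explicit grants on src) yields no rows and returns 0.
    RETURN issued;
END;
$$;

-- Usage (table names are placeholders):
--   SELECT copy_table_grants('template_table', 'new_table');
```

The function runs with the caller's privileges, so the caller must own `dst` or hold the relevant grant options, exactly as for a GRANT typed by hand.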
