On Sat, 18 May 2002 19:45:30 -0400
"Tom Lane" <tgl@sss.pgh.pa.us> wrote:
> Joe Conway <mail@joeconway.com> writes:
> > Since the sequence-specific operations are really just function calls,
> > maybe it should be:
> > SELECT: read sequence as a table
> > EXECUTE: all sequence-specific operations.
>
> But is it worth creating a compatibility problem for? Existing pg_dump
> scripts are likely to GRANT UPDATE. They certainly won't say GRANT
> EXECUTE since that doesn't even exist in current releases.
>
> I agree that EXECUTE (or some sequence-specific permission name we might
> think of instead) would be logically cleaner, but I don't think it's
> worth the trouble of coming up with a compatibility workaround.
Well, one possible compatibility workaround would be trivial -- we could
hack GRANT so that doing GRANT UPDATE on sequence relations is
translated into GRANT EXECUTE.
As for whether it's worth the bother, I'm not sure -- neither
solution strikes me as particularly clean.
Cheers,
Neil
--
Neil Conway <neilconway@rogers.com>
PGP Key ID: DB3C29FC
