Re: Latest requests from IRC - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Latest requests from IRC
Date
Msg-id 200405240322.i4O3Mrx21857@candle.pha.pa.us
In response to Re: Latest requests from IRC  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Latest requests from IRC
List pgsql-hackers
Added to TODO:
* Allow GRANT/REVOKE permissions to be given to all schema objects with one command


---------------------------------------------------------------------------

Tom Lane wrote:
> Bruno Wolff III <bruno@wolff.to> writes:
> >   Christopher Kings-Lynne <chriskl@familyhealth.com.au> wrote:
> >> ... people want to be able to grant on all objects in a 
> >> database, etc:
> 
> > The right way to do this is to make sure there is a group that has access
> > to "everything" and just add people to the group.
> 
> Doesn't seem like that magically solves the problem, though.  You still
> have lots of pain involved in granting privs on everything to that
> group.
> 
> I don't have any fundamental problem with something like "GRANT SELECT
> ON TABLE * TO foo", seeing as how we already allow grants on multiple
> tables.  But we'd have to be very careful about how the scope of the *
> wildcard is defined.  For instance, if a superuser does it, does it
> really grant privs on *all* tables?  I'd hope that the system catalogs,
> at least, are not implicitly included in the wildcard scope.  For lesser
> mortals there is also the question of whether to error out or just
> ignore tables that you don't have privileges for.
> 
> Would it make sense to restrict the wildcard to a particular schema, viz
>     GRANT SELECT ON TABLE myschema.* TO foo
> This would neatly solve the question of how to exclude the system
> catalogs, and in most scenarios where people are wishing for this,
> I bet they've put all the objects in one schema anyway.
> 
>             regards, tom lane

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
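
The schema-scoped grant discussed in the quoted message, as an added example that is not part of the original thread or of PostgreSQL's own code. It assumes a current PostgreSQL release (DO blocks and format() postdate this thread); the schema "myschema" and role "foo" are the names used in the thread, and the skip-and-report policy is one of the two options the message raises, chosen here for illustration.

```sql
-- Grant SELECT on every table in one named schema, one table at a time.
-- Naming the schema explicitly is what keeps pg_catalog and
-- information_schema out of scope, even when a superuser runs this.
DO $$
DECLARE
    t record;
BEGIN
    FOR t IN
        SELECT schemaname, tablename
        FROM pg_catalog.pg_tables
        WHERE schemaname = 'myschema'
    LOOP
        BEGIN
            -- %I quotes identifiers, so odd table names cannot alter the statement
            EXECUTE format('GRANT SELECT ON TABLE %I.%I TO %I',
                           t.schemaname, t.tablename, 'foo');
        EXCEPTION WHEN insufficient_privilege THEN
            -- "ignore" policy: report the table and continue.
            -- Remove this handler to get the "error out" policy instead.
            RAISE NOTICE 'skipped %.%: caller cannot grant on it',
                         t.schemaname, t.tablename;
        END;
    END LOOP;
END
$$;

-- Audit the result: which tables in the schema can foo now read?
SELECT tablename,
       has_table_privilege('foo',
                           format('%I.%I', schemaname, tablename),
                           'SELECT') AS foo_can_select
FROM pg_catalog.pg_tables
WHERE schemaname = 'myschema'
ORDER BY tablename;

-- PostgreSQL 9.0 and later provide a built-in schema-scoped form:
-- GRANT SELECT ON ALL TABLES IN SCHEMA myschema TO foo;
```

Both forms cover only tables that exist when they run; tables created afterwards need their own grant or ALTER DEFAULT PRIVILEGES.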
 

