Re: GRANT ON ALL IN schema - Mailing list pgsql-hackers
From | Abhijit Menon-Sen |
---|---|
Subject | Re: GRANT ON ALL IN schema |
Date | |
Msg-id | 20090920145011.GA24273@toroid.org Whole thread Raw |
In response to | Re: GRANT ON ALL IN schema (Petr Jelinek <pjmodos@pjmodos.net>) |
Responses |
Re: GRANT ON ALL IN schema
Re: GRANT ON ALL IN schema |
List | pgsql-hackers |
(This is a partial review of the grantonall-20090810v2.diff patch posted by Petr Jelinek on 2009-08-10 (hi PJMODOS!). See http://archives.postgresql.org/message-id/4A7F5853.5010506@pjmodos.net for the original message.) I have not yet been able to do a complete review of this patch, but I am posting this because I'll be travelling for a week starting tomorrow. My comments are based mostly on reading the patch, and not on any intensive testing of the feature. I have left the patch status unchanged at "needs review", although I think it's close to "ready for committer". I really like this patch. It's easy to understand and written in a very straightforward way, and addresses a real need that comes up time and again on various support fora. I have only a couple of minor comments. 1. The patch did apply to HEAD and build cleanly, but there are now a couple of minor (documentation) conflicts. (Sorry,I would have fixed them and reposted a patch, but I'm running out of time right now.) > *** a/doc/src/sgml/ref/grant.sgml > --- b/doc/src/sgml/ref/grant.sgml > [...] > > <para> > + There is also the possibility of granting permissions to all objects of > + given type inside one or multiple schemas. This functionality is supported > + for tables, views, sequences and functions and can done by using > + ALL {TABLES|SEQUENCES|FUNCTIONS} IN SCHEMA schemaname syntax in place > + of object name. > + </para> > + > + <para> 2. Here I suggest the following wording: <para> You can also grant permissions on all tables, sequences, or functions that currently exist within a given schemaby specifying "ALL {TABLES|SEQUENCES|FUNCTIONS} IN SCHEMA schemaname" in place of an object name. </para> 3. I believe MySQL's "grant all privileges on foo.* to someone" grants privileges on all existing objects in foo _but also_on any objects that may be created later. This patch only gives you a way to grant privileges only on the objectscurrently within a schema. I strongly prefer this behaviour myself, but I do think the documentation needs a briefmention of this fact, to avoid surprising people. That's why I added "that currently exist" to (2), above. Maybe anothersentence that specifically says that objects created later are unaffected is in order. I'm not sure. -- ams
pgsql-hackers by date: