[RFC] grants vs. inherited tables - Mailing list pgsql-hackers

From Marko Kreen
Subject [RFC] grants vs. inherited tables
Date
Msg-id 20111229180449.GA24276@gmail.com
Responses Re: [RFC] grants vs. inherited tables  (Alvaro Herrera <alvherre@commandprompt.com>)
Re: [RFC] grants vs. inherited tables  (Dimitri Fontaine <dimitri@2ndQuadrant.fr>)
List pgsql-hackers
Hello,

I tried to generalize a function that creates partitions
for a table and found out it's impossible to do it for grants.

Basically, what I want is a child table that takes its grants
from parent table.  IMHO quite reasonable request.  But I don't
see a way to do it in pl/pgsql.  (Writing parser in plpgsql
for aclitemout() output does not count.)

The form for the create statement is:
    CREATE TABLE part (
      [pre-9.0]    LIKE parent INCLUDING INDEXES INCLUDING CONSTRAINTS
      [9.0+]       LIKE parent INCLUDING ALL    -- skips grants
    ) INHERITS (parent);


Unless I'm missing something obvious, there is no way to take grants
from parent table.

My suggestions:

1) Have 'GRANTS' option for LIKE.  Seems obvious.

2) Include 'GRANTS' option in 'ALL'.  Also obvious.

3) Have a way to format aclitem into something
   that can be used to create GRANT statement easily.  Eg:

    pg_get_privilege_info(
        IN priv aclitem,
        OUT rolename text,
        OUT privlist text[],
        OUT privlist_with_grant_option text[]);

   This allows doing complex introspection in pl/pgsql
   and also helps tools that want to re-create table structure
   in other databases.


Although 1)+2) and 3) seem like alternatives, I suggest doing all of them,
thus improving GRANT usage across the board.

Comments?

-- 
marko

NB: this mail is about designing and accepting TODO-items.
I might do them myself sometime, but I don't mind if anyone
implements them before me..
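
Added example, not part of the original mail: one way to copy table-level grants from a parent to a new partition without parsing aclitemout() text, by expanding pg_class.relacl with aclexplode(). The function name copy_table_grants and its parameter names are hypothetical; it assumes a server that provides aclexplode() and format() and allows a function in FROM to reference an earlier FROM item.

```sql
-- Added example: hypothetical helper, not code from the original mail.
-- Copies table-level grants only; column-level ACLs (pg_attribute.attacl)
-- are not handled, and privileges the child already has are not revoked.
CREATE OR REPLACE FUNCTION copy_table_grants(p_parent regclass, p_child regclass)
RETURNS integer
LANGUAGE plpgsql AS $$
DECLARE
    r       record;
    applied integer := 0;
BEGIN
    FOR r IN
        SELECT a.grantee,
               a.is_grantable,
               string_agg(a.privilege_type, ', '
                          ORDER BY a.privilege_type) AS privs
        FROM pg_class c,
             aclexplode(c.relacl) AS a  -- NULL relacl (defaults only): no rows
        WHERE c.oid = p_parent
          AND a.grantee <> c.relowner   -- owner's rights follow from ownership
        GROUP BY a.grantee, a.is_grantable
    LOOP
        -- regclass output is already quoted and schema-qualified, so %s is
        -- correct for the table; role names need quote_ident().
        -- Grantee OID 0 stands for PUBLIC.
        EXECUTE format('GRANT %s ON TABLE %s TO %s%s',
                       r.privs,
                       p_child,
                       CASE WHEN r.grantee = 0 THEN 'PUBLIC'
                            ELSE quote_ident(pg_get_userbyid(r.grantee)) END,
                       CASE WHEN r.is_grantable
                            THEN ' WITH GRANT OPTION' ELSE '' END);
        applied := applied + 1;
    END LOOP;

    -- Number of GRANT statements issued (one per grantee / grant-option pair).
    RETURN applied;
END;
$$;

-- Usage, with the table names from the mail:
--   CREATE TABLE part (LIKE parent INCLUDING ALL) INHERITS (parent);
--   SELECT copy_table_grants('parent', 'part');
```

The GRANTs run as the calling role, so the grantor recorded on the child is the caller rather than the original grantor on the parent, and the caller needs ownership of the child or grant options on it.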


