* Josh Berkus (josh@agliodbs.com) wrote:
> It would be really nice to be able to GRANT/REVOKE on some of these
> special system views ...
Well, we actually *can* issue grant/revoke against the underlying
function calls, but we are also doing permissions checks *in* those
functions, ignoring our own GRANT system.
Don't know what folks think of removing those in-the-function checks in
favor of trusting the grant/revoke system to not allow those functions
to be called unless you have EXECUTE privileges on them.. I've not
really tried to look at if that'd work or not, but if we could do that,
it'd certainly give admins a great deal more flexibility to control who
has access to what calls.
Thanks,
Stephen
