Re: [pgsql-hackers] Allow GRANT/REVOKE permissions to be applied to all schema - Mailing list pgsql-hackers

From Tom Lane
Subject Re: [pgsql-hackers] Allow GRANT/REVOKE permissions to be applied to all schema
Date
Msg-id 28765.1106958280@sss.pgh.pa.us
Whole thread Raw
In response to Re: [pgsql-hackers] Allow GRANT/REVOKE permissions to be applied to all schema  (Josh Berkus <josh@agliodbs.com>)
Responses Re: [pgsql-hackers] Allow GRANT/REVOKE permissions to be applied to all schema
List pgsql-hackers
Josh Berkus <josh@agliodbs.com> writes:
> Can't say I like either.     I'd prefer:

> GRANT [PERM] ON ALL TABLES IN SCHEMA [schemaname] TO [user];

I agree that this syntax seems more SQL-ish than relying on a wildcard.

> GRANT SELECT, UPDATE, INSERT ON TABLES IN SCHEMA public TO php-user;

> .. would set the defaults for any NEW tables created in public, and this 
> command:

> GRANT SELECT, UPDATE, INSERT ON TABLES IN SCHEMA public TO php-user CASCADE;

> ... would grant for existing tables as well.

This however seems a rather whimsical reinvention of the meaning of
CASCADE.  I'm not sure if we really need to support both immediate and
delayed inheritance of privileges from a schema, but if we do, let's
please use some other keyword than CASCADE to distinguish the cases.
Also it'd probably be better if they were independent commands, rather
than one subsuming the other as you suggest.
        regards, tom lane


pgsql-hackers by date:

Previous
From: Sailesh Krishnamurthy
Date:
Subject: Re: Group-count estimation statistics
Next
From: Josh Berkus
Date:
Subject: Re: [pgsql-hackers] Allow GRANT/REVOKE permissions to be applied to all schema