Home > mailing lists

Re: [pgsql-hackers] Allow GRANT/REVOKE permissions to be applied to all schema - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: [pgsql-hackers] Allow GRANT/REVOKE permissions to be applied to all schema
Date	January 29, 2005 03:25:12
Msg-id	28765.1106958280@sss.pgh.pa.us Whole thread Raw
In response to	Re: [pgsql-hackers] Allow GRANT/REVOKE permissions to be applied to all schema (Josh Berkus <josh@agliodbs.com>)
Responses	Re: [pgsql-hackers] Allow GRANT/REVOKE permissions to be applied to all schema
List	pgsql-hackers

Tree view

Josh Berkus <josh@agliodbs.com> writes:
> Can't say I like either.     I'd prefer:

> GRANT [PERM] ON ALL TABLES IN SCHEMA [schemaname] TO [user];

I agree that this syntax seems more SQL-ish than relying on a wildcard.

> GRANT SELECT, UPDATE, INSERT ON TABLES IN SCHEMA public TO php-user;

> .. would set the defaults for any NEW tables created in public, and this 
> command:

> GRANT SELECT, UPDATE, INSERT ON TABLES IN SCHEMA public TO php-user CASCADE;

> ... would grant for existing tables as well.

This however seems a rather whimsical reinvention of the meaning of
CASCADE.  I'm not sure if we really need to support both immediate and
delayed inheritance of privileges from a schema, but if we do, let's
please use some other keyword than CASCADE to distinguish the cases.
Also it'd probably be better if they were independent commands, rather
than one subsuming the other as you suggest.
        regards, tom lane

pgsql-hackers by date:

From: Sailesh Krishnamurthy
Date: 29 January 2005, 02:43:21
Subject: Re: Group-count estimation statistics

From: Josh Berkus
Date: 29 January 2005, 03:30:23
Subject: Re: [pgsql-hackers] Allow GRANT/REVOKE permissions to be applied to all schema

Re: [pgsql-hackers] Allow GRANT/REVOKE permissions to be applied to all schema - Mailing list pgsql-hackers

Previous

Next