On 3/9/06,
Stephan Szabo <
sszabo@megazone.bigpanda.com> wrote:
As I understood the synonym plan, a
person with select on the synonym but not on the referenced table wouldn't
be able to select through the synonym, while if the view was created by
someone with select a person with select on the view could select through
the view.
In this respect, synonyms are surely different from views. Due to this, I was pondering whether synonyms should have ACLs or whether they just pointed to the object and ACLs were handled as they currently are. I didn't think of a use case for them being different, but I know three of the RDBMS vendors did implement them to have their own permissions, so there's gotta be some reason for it. I'm guessing the reason is for accessing remote database tables which isn't part of this proposal, however, it's generally easier to add it now than later. I'm not averse to removing ACLs from synonyms right now at all as we'd still benefit from the same functionality.
--
Jonah H. Harris, Database Internals Architect
EnterpriseDB Corporation
732.331.1324
