Michael Fuhr wrote:
> On Thu, Jul 28, 2005 at 03:56:14PM +0100, Sean Burlington wrote:
>
>>Michael Fuhr wrote:
>>
>>>On Thu, Jul 28, 2005 at 12:48:35PM +0100, Sean Burlington wrote:
>>>
>>>
>>>>Description: inheritance removes permissions from the parent table
>>>
>>>I think a more accurate description would be "permissions not
>>>inherited by children," and that isn't necessarily a bug.
>>
>>I agree it may not be a bug - but it's more than the permissions not
>>being inherited: the parent is affected.
>
>
> Not really, once you understand what's happening. Unless you use
> FROM ONLY, selecting from the parent selects from the parent *and*
> its children. The parent itself isn't affected, as queries with
> FROM ONLY should demonstrate. I understand what you're saying --
> that there's an apparent effect on the parent -- but there really
> isn't.
>
>
>>It would be handy if this was in the documentation for anyone else who
>>comes across this issue
>
>
> Feel free to submit a documentation patch to pgsql-patches :-)
>
OK - patch attached
I hope it's OK - I'm afraid I didn't spend too much time looking at the
best way to contribute patches and just went ahead and made one ...
--
Sean
Index: doc/src/sgml/ddl.sgml
===================================================================
RCS file: /projects/cvsroot/pgsql/doc/src/sgml/ddl.sgml,v
retrieving revision 1.42
diff -u -F^f -r1.42 ddl.sgml
--- doc/src/sgml/ddl.sgml 14 Jul 2005 06:17:35 -0000 1.42
+++ doc/src/sgml/ddl.sgml 31 Jul 2005 16:12:54 -0000
@@ -1117,6 +1117,17 @@
support this <quote>ONLY</quote> notation.
</para>
+
+<note>
+ <title>Inheritance and Permissions</title>
+ <para>
+ Because permissions are not inherited automatically a user attempting to access
+ a parent table must either have at least the same permission for the child table
+ or must use the <quote>ONLY</quote> notation. If creating a new inheritance
+ relationship in an existing system be careful that this does not create problems.
+ </para>
+</note>
+
<note>
<title>Deprecated</title>
<para>
