Re: Allow GRANT/REVOKE permissions to be applied to all schema objects with one command - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Allow GRANT/REVOKE permissions to be applied to all schema objects with one command
Date
Msg-id 476.1106974869@sss.pgh.pa.us
Whole thread Raw
In response to Re: Allow GRANT/REVOKE permissions to be applied to all schema objects with one command  (Alvaro Herrera <alvherre@dcc.uchile.cl>)
Responses Re: Allow GRANT/REVOKE permissions to be applied to all schema objects with one command
List pgsql-hackers
Alvaro Herrera <alvherre@dcc.uchile.cl> writes:
> What about a list,

> GRANT ... ON TABLE table1, table2, ... TO user1, user2, ...;

We already allow a list (and have since at least 7.0).

> It would be good if it was a list of wildcards.

I'm a bit itchy about allowing wildcards --- it doesn't seem to fit well
with SQL syntax.  The idea of allowing a subselect that returns a set of
names seems cleaner, though I'm not totally sure what to do to make it
schema-proof.  I don't much like the idea that it returns a set of
strings that we then parse as possibly-quoted identifiers --- that opens
all sorts of traps for the unwary who forget to use quote_ident etc.

It would be unambiguous to make the subselect return a set of OIDs, eg

GRANT SELECT ON TABLE (SELECT oid FROM pg_class                      WHERE relname LIKE 'some-pattern') TO ... 

but exposing OIDs like this seems mighty bletcherous too, not to mention
not very easy to use for someone not intimately familiar with the system
catalog layout.

Josh's last suggestion (ALL TABLES IN someschema) seems to me to be a
reasonable compromise between usefulness, syntactic weirdness, and
hiding implementation details.
        regards, tom lane


pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: Patent issues and 8.1
Next
From: Greg Stark
Date:
Subject: Re: Group-count estimation statistics