Home > mailing lists

Re: GRANT ON ALL IN schema - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: GRANT ON ALL IN schema
Date	July 7, 2009 15:16:56
Msg-id	7045.1246979795@sss.pgh.pa.us Whole thread Raw
In response to	Re: GRANT ON ALL IN schema (Simon Riggs <simon@2ndQuadrant.com>)
Responses	Re: GRANT ON ALL IN schema Re: GRANT ON ALL IN schema
List	pgsql-hackers

Tree view

Simon Riggs <simon@2ndQuadrant.com> writes:
> I would like to see 
> GRANT ... ON ALL OBJECTS ...

This seems inherently broken, since different types of objects
will have different grantable privileges.

> (I'm sure we can do something intelligent with privileges that don't
> apply to all object types rather than just fail. e.g. UPDATE privilege
> should be same as USAGE on a sequence.)

Anything you do in that line will be an ugly kluge, and will tend to
encourage insecure over-granting of privileges (ie GRANT ALL ON ALL
OBJECTS ... what's the point of using permissions at all then?)
        regards, tom lane

pgsql-hackers by date:

From: Robert Haas
Date: 07 July 2009, 15:12:09
Subject: Re: *_collapse_limit, geqo_threshold

From: Andres Freund
Date: 07 July 2009, 15:20:16
Subject: Re: *_collapse_limit, geqo_threshold

Re: GRANT ON ALL IN schema - Mailing list pgsql-hackers

Previous

Next