Re: Per-user schemas with inherited skeleton. - Mailing list pgsql-general

From Scott Marlowe
Subject Re: Per-user schemas with inherited skeleton.
Date
Msg-id dcc563d10901072306q47a8cdb2s6d45c8c80f1deed2@mail.gmail.com
In response to Re: Per-user schemas with inherited skeleton.  (Craig Ringer <craig@postnewspapers.com.au>)
List pgsql-general
On Wed, Jan 7, 2009 at 11:39 PM, Craig Ringer
<craig@postnewspapers.com.au> wrote:
> Scott Marlowe wrote:
>
>>>> Is there a way to let PostgreSQL allow inherited tables to be owned
>>>> by different roles?
>>>
>>> Not that I know of, and given the security implications I'd be a bit
>>> nervous about it unless it was done via an explicitly GRANTed right.
>>
>> I hope here you're meaning to have tables that are inheritable by
>> various non-role members.  It works as long as everyone's in the same
>> group role with the right permissions.  Since you'd have to change
>> ownership to the group role for the parent table, everyone would, in
>> effect, own it now.  But if you wanna do it...
>
> That's right - I refer to inheritance by a user that's not a member of the
> role that owns the table.
>
> If the inheriting users *are* a member of the owning role of the parent
> table, then they can select and update the shared-structure part of OTHER
> users' records via the parent table, as well as their own. IIRC they can
> delete other users' records via the parent table, too. Not ideal if the
> various users are supposed to be blind to each others' data, as appears to
> be the case here.

No, it doesn't work that way.  Perms on the parent table are just
that, perms on the parent table.  I just tested it.  Given a role
called sharing, and two members stan and ted, and a parent table owned
by sharing, the users have to grant select on their tables to the
other users or the role they belong to or the other users can't see it
or change it.
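
The test described in the message above, written out as an added example that is not part of the original post. The role names sharing, stan and ted come from the message; the schema name, table names and sample rows are assumptions, and the script is meant to be run as a superuser in a scratch database.

```sql
-- Added example. Role names are from the message; skel, items, stan_items
-- and ted_items are assumed names, and the rows are constructed.
CREATE ROLE sharing NOLOGIN;
CREATE ROLE stan LOGIN IN ROLE sharing;
CREATE ROLE ted  LOGIN IN ROLE sharing;

CREATE SCHEMA skel;
GRANT USAGE, CREATE ON SCHEMA skel TO sharing;

-- Parent "skeleton" table owned by the group role.
CREATE TABLE skel.items (id integer, note text);
ALTER TABLE skel.items OWNER TO sharing;

-- Each member creates a child table; the child is owned by that member.
SET ROLE stan;
CREATE TABLE skel.stan_items () INHERITS (skel.items);
INSERT INTO skel.stan_items VALUES (1, 'stan row');
RESET ROLE;

SET ROLE ted;
CREATE TABLE skel.ted_items () INHERITS (skel.items);
INSERT INTO skel.ted_items VALUES (2, 'ted row');

-- 1. Does ted hold any privilege directly on stan's child table?
SELECT has_table_privilege('ted', 'skel.stan_items', 'SELECT') AS ted_select,
       has_table_privilege('ted', 'skel.stan_items', 'DELETE') AS ted_delete;

-- 2. Read through the parent; tableoid shows which table each row lives in.
SELECT tableoid::regclass AS source_table, id, note FROM skel.items;

-- 3. The parent's own rows only, excluding all children.
SELECT count(*) AS parent_only_rows FROM ONLY skel.items;
RESET ROLE;

-- 4. The explicit grant the message refers to, then the same check as step 1.
SET ROLE stan;
GRANT SELECT ON skel.stan_items TO sharing;
RESET ROLE;
SELECT has_table_privilege('ted', 'skel.stan_items', 'SELECT') AS ted_select_after_grant;

-- Cleanup.
DROP SCHEMA skel CASCADE;
DROP ROLE stan;
DROP ROLE ted;
DROP ROLE sharing;
```

The outcome of step 2 depends on the server version: since PostgreSQL 9.0 only the parent table's permissions are checked when child tables are scanned through it, whereas earlier releases also checked permissions on each child table. Step 1 reports the direct privileges on the child table independently of that.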
