Thread: grant and SQL92
In process of converting a bunch of scripts from sybase to postgresql
I see something that doesn't make much sense..
I can grant a series of privileges (comma separated) on a series of
objects (comma separated) to either a user, group or public NOT a
comma separated list of users or groups. Yet at the bottom of the
man page for grant
http://www.postgresql.org/idocs/index.php?sql-grant.html
it says it's allowed in SQL92. How is it this isn't allowed in
postgresql, is it a real pain to implement or was it just never
needed?
I'm trying to come up with a way to do this:
grant all on xydata09 to vwonly,mngmnt,remusr,supusr,dbmngr,schdlr,intusr
on about 500 tables on the fly. Not all of them are the same permissions
per table but each file that creates a table has this and a couple of
revoke lines in it.
Workarounds?
Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: vev@michvhf.com http://www.pop4.net 56K Nationwide Dialup from $16.00/mo
atPop4 Networking Online Campground Directory http://www.camping-usa.com Online Giftshop Superstore
http://www.cloudninegifts.com
==========================================================================
On Thu, 7 Jun 2001, Peter Eisentraut wrote: > Vince Vielhaber writes: > > > I can grant a series of privileges (comma separated) on a series of > > objects (comma separated) to either a user, group or public NOT a > > comma separated list of users or groups. Yet at the bottom of the > > man page for grant > > > > http://www.postgresql.org/idocs/index.php?sql-grant.html > > > > it says it's allowed in SQL92. How is it this isn't allowed in > > postgresql, is it a real pain to implement or was it just never > > needed? > > There is insufficient internal representation of the GRANT parse tree, > which makes this cumbersome to implement. Not terribly hard to fix, but > someone needs to do it. (Where were those PostgreSQL hacker newbies?) I figure it'll be easier to fix than to try and redo the scripts. Have a direction you can point me in? Vince. -- ========================================================================== Vince Vielhaber -- KA8CSH email: vev@michvhf.com http://www.pop4.net 56K Nationwide Dialup from $16.00/mo atPop4 Networking Online Campground Directory http://www.camping-usa.com Online Giftshop Superstore http://www.cloudninegifts.com ==========================================================================
Vince Vielhaber writes: > I can grant a series of privileges (comma separated) on a series of > objects (comma separated) to either a user, group or public NOT a > comma separated list of users or groups. Yet at the bottom of the > man page for grant > > http://www.postgresql.org/idocs/index.php?sql-grant.html > > it says it's allowed in SQL92. How is it this isn't allowed in > postgresql, is it a real pain to implement or was it just never > needed? There is insufficient internal representation of the GRANT parse tree, which makes this cumbersome to implement. Not terribly hard to fix, but someone needs to do it. (Where were those PostgreSQL hacker newbies?) -- Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter
Vince Vielhaber writes: > I can grant a series of privileges (comma separated) on a series of > objects (comma separated) to either a user, group or public NOT a > comma separated list of users or groups. I should have this finished today to tomorrow. -- Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter
On Sat, 9 Jun 2001, Peter Eisentraut wrote: > Vince Vielhaber writes: > > > I can grant a series of privileges (comma separated) on a series of > > objects (comma separated) to either a user, group or public NOT a > > comma separated list of users or groups. > > I should have this finished today to tomorrow. I looked at it but it looked too much like it involved gram.y which I'm going to happily stay away from for now :) Vince. -- ========================================================================== Vince Vielhaber -- KA8CSH email: vev@michvhf.com http://www.pop4.net 56K Nationwide Dialup from $16.00/mo atPop4 Networking Online Campground Directory http://www.camping-usa.com Online Giftshop Superstore http://www.cloudninegifts.com ==========================================================================
> On Sat, 9 Jun 2001, Peter Eisentraut wrote: > > > Vince Vielhaber writes: > > > > > I can grant a series of privileges (comma separated) on a series of > > > objects (comma separated) to either a user, group or public NOT a > > > comma separated list of users or groups. > > > > I should have this finished today to tomorrow. > > I looked at it but it looked too much like it involved gram.y which I'm > going to happily stay away from for now :) Added to TODO: * Allow GRANT/REVOKE to handle multiple user/group names -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania19026
On Mon, 9 Jul 2001, Bruce Momjian wrote: > > On Sat, 9 Jun 2001, Peter Eisentraut wrote: > > > > > Vince Vielhaber writes: > > > > > > > I can grant a series of privileges (comma separated) on a series of > > > > objects (comma separated) to either a user, group or public NOT a > > > > comma separated list of users or groups. > > > > > > I should have this finished today to tomorrow. > > > > I looked at it but it looked too much like it involved gram.y which I'm > > going to happily stay away from for now :) > > Added to TODO: > > * Allow GRANT/REVOKE to handle multiple user/group names I'm guessing Peter got sidetracked? If it's still open after I submit a create user patch (with the help of Tom Lane I'm no longer uncomfortable with gram.y) I'll take a look at this. Vince. -- ========================================================================== Vince Vielhaber -- KA8CSH email: vev@michvhf.com http://www.pop4.net 56K Nationwide Dialup from $16.00/mo atPop4 Networking Online Campground Directory http://www.camping-usa.com Online Giftshop Superstore http://www.cloudninegifts.com ==========================================================================
Bruce Momjian writes: > > On Sat, 9 Jun 2001, Peter Eisentraut wrote: > > > > > Vince Vielhaber writes: > > > > > > > I can grant a series of privileges (comma separated) on a series of > > > > objects (comma separated) to either a user, group or public NOT a > > > > comma separated list of users or groups. > > > > > > I should have this finished today to tomorrow. > > > > I looked at it but it looked too much like it involved gram.y which I'm > > going to happily stay away from for now :) > > Added to TODO: > > * Allow GRANT/REVOKE to handle multiple user/group names You must have missed the part about tomorrow. -- Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter
On Mon, 9 Jul 2001, Peter Eisentraut wrote: > Bruce Momjian writes: > > > > On Sat, 9 Jun 2001, Peter Eisentraut wrote: > > > > > > > Vince Vielhaber writes: > > > > > > > > > I can grant a series of privileges (comma separated) on a series of > > > > > objects (comma separated) to either a user, group or public NOT a > > > > > comma separated list of users or groups. > > > > > > > > I should have this finished today to tomorrow. > > > > > > I looked at it but it looked too much like it involved gram.y which I'm > > > going to happily stay away from for now :) > > > > Added to TODO: > > > > * Allow GRANT/REVOKE to handle multiple user/group names > > You must have missed the part about tomorrow. Did you already commit? I was watching for it but could very well have missed it. Vince. -- ========================================================================== Vince Vielhaber -- KA8CSH email: vev@michvhf.com http://www.pop4.net 56K Nationwide Dialup from $16.00/mo atPop4 Networking Online Campground Directory http://www.camping-usa.com Online Giftshop Superstore http://www.cloudninegifts.com ==========================================================================
> On Mon, 9 Jul 2001, Peter Eisentraut wrote: > > > Bruce Momjian writes: > > > > > > On Sat, 9 Jun 2001, Peter Eisentraut wrote: > > > > > > > > > Vince Vielhaber writes: > > > > > > > > > > > I can grant a series of privileges (comma separated) on a series of > > > > > > objects (comma separated) to either a user, group or public NOT a > > > > > > comma separated list of users or groups. > > > > > > > > > > I should have this finished today to tomorrow. > > > > > > > > I looked at it but it looked too much like it involved gram.y which I'm > > > > going to happily stay away from for now :) > > > > > > Added to TODO: > > > > > > * Allow GRANT/REVOKE to handle multiple user/group names > > > > You must have missed the part about tomorrow. > > Did you already commit? I was watching for it but could very well > have missed it. I don't see it. The tomorrow Vince was talking about was quite a few weeks ago. Also, I thought he said he was going to skip it because it dealt with gram.y. I do have a pending patch from him that arrived today that deals with the CREATEDB/CREATEUSER ordering. I have not applied it because it hasn't appeared on patches yet for people to comment. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania19026
On Tue, 10 Jul 2001, Bruce Momjian wrote: > > On Mon, 9 Jul 2001, Peter Eisentraut wrote: > > > > > Bruce Momjian writes: > > > > > > > > On Sat, 9 Jun 2001, Peter Eisentraut wrote: > > > > > > > > > > > Vince Vielhaber writes: > > > > > > > > > > > > > I can grant a series of privileges (comma separated) on a series of > > > > > > > objects (comma separated) to either a user, group or public NOT a > > > > > > > comma separated list of users or groups. > > > > > > > > > > > > I should have this finished today to tomorrow. > > > > > > > > > > I looked at it but it looked too much like it involved gram.y which I'm > > > > > going to happily stay away from for now :) > > > > > > > > Added to TODO: > > > > > > > > * Allow GRANT/REVOKE to handle multiple user/group names > > > > > > You must have missed the part about tomorrow. > > > > Did you already commit? I was watching for it but could very well > > have missed it. > > I don't see it. The tomorrow Vince was talking about was quite a few > weeks ago. Also, I thought he said he was going to skip it because it > dealt with gram.y. I do have a pending patch from him that arrived > today that deals with the CREATEDB/CREATEUSER ordering. I have not > applied it because it hasn't appeared on patches yet for people to > comment. That was Peter saying he was going to have it finished 'today or tomorrow'. gram.y wasn't as bad as it at first looked as evidenced by the patch I submitted today. Vince. -- ========================================================================== Vince Vielhaber -- KA8CSH email: vev@michvhf.com http://www.pop4.net 56K Nationwide Dialup from $16.00/mo atPop4 Networking Online Campground Directory http://www.camping-usa.com Online Giftshop Superstore http://www.cloudninegifts.com ==========================================================================
> > > > > Added to TODO: > > > > > > > > > > * Allow GRANT/REVOKE to handle multiple user/group names > > > > > > > > You must have missed the part about tomorrow. > > > > > > Did you already commit? I was watching for it but could very well > > > have missed it. > > > > I don't see it. The tomorrow Vince was talking about was quite a few > > weeks ago. Also, I thought he said he was going to skip it because it > > dealt with gram.y. I do have a pending patch from him that arrived > > today that deals with the CREATEDB/CREATEUSER ordering. I have not > > applied it because it hasn't appeared on patches yet for people to > > comment. > > That was Peter saying he was going to have it finished 'today or > tomorrow'. gram.y wasn't as bad as it at first looked as evidenced > by the patch I submitted today. Oh, sorry. OK. Yes, that was a sizable patch! -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania19026
On Tue, 10 Jul 2001, Bruce Momjian wrote: > > > > > > Added to TODO: > > > > > > > > > > > > * Allow GRANT/REVOKE to handle multiple user/group names > > > > > > > > > > You must have missed the part about tomorrow. > > > > > > > > Did you already commit? I was watching for it but could very well > > > > have missed it. > > > > > > I don't see it. The tomorrow Vince was talking about was quite a few > > > weeks ago. Also, I thought he said he was going to skip it because it > > > dealt with gram.y. I do have a pending patch from him that arrived > > > today that deals with the CREATEDB/CREATEUSER ordering. I have not > > > applied it because it hasn't appeared on patches yet for people to > > > comment. > > > > That was Peter saying he was going to have it finished 'today or > > tomorrow'. gram.y wasn't as bad as it at first looked as evidenced > > by the patch I submitted today. > > Oh, sorry. OK. > > Yes, that was a sizable patch! It's a sizable change :) Vince. -- ========================================================================== Vince Vielhaber -- KA8CSH email: vev@michvhf.com http://www.pop4.net 56K Nationwide Dialup from $16.00/mo atPop4 Networking Online Campground Directory http://www.camping-usa.com Online Giftshop Superstore http://www.cloudninegifts.com ==========================================================================
Bruce Momjian <pgman@candle.pha.pa.us> writes:
> I do have a pending patch from him that arrived
> today that deals with the CREATEDB/CREATEUSER ordering. I have not
> applied it because it hasn't appeared on patches yet for people to
> comment.
I already applied his CREATE/ALTER USER patch, because he'd passed it by
me for review several times previously (I forget if any of that mail was
cc'd to the lists). I had some other changes to make in the same files
and figured it might as well go in all at once instead of risking merge
problems.
AFAIK, no one has touched the GRANT/REVOKE issue yet.
regards, tom lane
Bruce Momjian writes: > > On Sat, 9 Jun 2001, Peter Eisentraut wrote: > > > > > Vince Vielhaber writes: > > > > > > > I can grant a series of privileges (comma separated) on a series of > > > > objects (comma separated) to either a user, group or public NOT a > > > > comma separated list of users or groups. > > > > > > I should have this finished today to tomorrow. > > > > I looked at it but it looked too much like it involved gram.y which I'm > > going to happily stay away from for now :) > > Added to TODO: > > * Allow GRANT/REVOKE to handle multiple user/group names You're still not getting that part about tomorrow. ;-) -- Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter
> Bruce Momjian writes: > > > > On Sat, 9 Jun 2001, Peter Eisentraut wrote: > > > > > > > Vince Vielhaber writes: > > > > > > > > > I can grant a series of privileges (comma separated) on a series of > > > > > objects (comma separated) to either a user, group or public NOT a > > > > > comma separated list of users or groups. > > > > > > > > I should have this finished today to tomorrow. > > > > > > I looked at it but it looked too much like it involved gram.y which I'm > > > going to happily stay away from for now :) > > > > Added to TODO: > > > > * Allow GRANT/REVOKE to handle multiple user/group names > > You're still not getting that part about tomorrow. ;-) Can't I keep it on the TODO until it is done? And wasn't yesterday tomorrow? :-) -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania19026
Bruce Momjian writes: > Can't I keep it on the TODO until it is done? And wasn't yesterday > tomorrow? :-) No, tomorrow was the day after June 9th. -- Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter
> Bruce Momjian writes: > > > Can't I keep it on the TODO until it is done? And wasn't yesterday > > tomorrow? :-) > > No, tomorrow was the day after June 9th. Are you saying you did it already? I see it in CVS now. TODO updated. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania19026