Thread: Privileges

Privileges

From
Simon Riggs
Date:
There is a command to set privileges

  GRANT SELECT ON ALL TABLES IN SCHEMA foo TO PUBLIC;

and a command to set default privileges

  ALTER DEFAULT PRIVILEGES IN SCHEMA foo
  GRANT SELECT ON TABLES TO PUBLIC;

In the first command the ALL is required, whereas in the second command
the ALL must be absent.

ISTM that the ALL should be optional in both cases.
Same thing is true for FUNCTIONS and SEQUENCES.

Both options are new in 9.0.

Any objections to implementing this simple patch?

--
 Simon Riggs           www.2ndQuadrant.com

Attachment

Re: Privileges

From
Tom Lane
Date:
Simon Riggs <simon@2ndQuadrant.com> writes:
> There is a command to set privileges

>   GRANT SELECT ON ALL TABLES IN SCHEMA foo TO PUBLIC;

> and a command to set default privileges

>   ALTER DEFAULT PRIVILEGES IN SCHEMA foo
>   GRANT SELECT ON TABLES TO PUBLIC;

> In the first command the ALL is required, whereas in the second command
> the ALL must be absent.

> ISTM that the ALL should be optional in both cases.

I don't believe this is a good idea.  ALL in the second statement would
give a completely misleading impression, because it does *not* grant
privileges on all tables, in particular it doesn't affect existing
tables.  Conversely, leaving out ALL in the first statement would limit
our flexibility to insert additional options there in future.  (ALL is a
fully reserved word, TABLES isn't, so your proposal greatly increases
the odds of future syntactic conflicts.)
        regards, tom lane