On Tue, 2009-07-07 at 11:16 -0400, Tom Lane wrote:
> Simon Riggs <simon@2ndQuadrant.com> writes:
> > I would like to see
> > GRANT ... ON ALL OBJECTS ...
>
> This seems inherently broken, since different types of objects
> will have different grantable privileges.
>
> > (I'm sure we can do something intelligent with privileges that don't
> > apply to all object types rather than just fail. e.g. UPDATE privilege
> > should be same as USAGE on a sequence.)
>
> Anything you do in that line will be an ugly kluge, and will tend to
> encourage insecure over-granting of privileges (ie GRANT ALL ON ALL
> OBJECTS ... what's the point of using permissions at all then?)
My perspective would be that privilege systems that are too complex fall
into disuse, leading to less security, not more.
On any database that has moderate security or better permissions errors
are one of the three errors on production databases. Simplifying the
commands, by aggregating them or another way, is likely to yield
benefits in usability for a wide range of users.
Unix allows chmod to run against multiple object types. How annoying
would it be if you had to issue chmodfile, chmodlink, chmoddir
separately for each class of object. (Links don't barf if you try to set
their file mode, for example). We follow the Unix file system in many
other ways, why not this one?
-- Simon Riggs www.2ndQuadrant.comPostgreSQL Training, Services and Support