Re: Privileges and inheritance

On Mon, 2009-10-05 at 12:30 +0300, Peter Eisentraut wrote:
> On Mon, 2009-10-05 at 09:22 +0100, Simon Riggs wrote:
> > On Sat, 2009-10-03 at 09:45 +0300, Peter Eisentraut wrote:
> > 
> > > We could use a GUC variable to ease the transition, perhaps like
> > > sql_inheritance = no | yes_without_privileges | yes
> > 
> > The original way of doing things was quite useful if you wanted some
> > people to be able to see history and others just see recent data. I
> > don't think many people are aware of or take advantage of that, so your
> > proposal does simplify things for many people.
> 
> Wouldn't that look something like
> 
> data  -- empty
> data_recent INHERITS (data)
> data_old INHERITS (data)
> data_ancient INHERITS (data)
> 
> GRANT ... ON data_recent TO A
> GRANT ... ON data_old TO B
> 
> I guess you could also do
> 
> data  -- recent data
> data_old INHERITS (data)
> data_ancient INHERITS (data)
> 
> GRANT ... ON data TO A
> GRANT ... ON data_old TO B
> 
> And then A, who has only access to the recent data, would always have to
> use ONLY data to be able to do anything.  That would be a pretty weird
> setup.  The workaround is to change it to the setup above, which you can
> do with a few renames.

If you use multiple inheritance it all works as I described.

top level: data-template
main tables: data, data-recent both inherit from data-template
all partitions inherit from data
only recent partitions inherit from data-recent
grants are issued on data and data-recent

Now that I think about it more, I want the change you describe but don't
think its a system-wide setting. You may have PostgreSQL inheritance
apps next door to partitioning apps. The right place to fix this is when
we implement partitioning syntax, so we can set a flag saying "make
permissions easier for partitions".

-- Simon Riggs           www.2ndQuadrant.com