On Thu, Jan 26, 2006 at 10:25:40PM +0800, William ZHANG wrote:
>
> I think we should pay attention to the sematic of table privs and column
> privs.
> Here is some examples.
>
> 1. role1 GRANT table priviledge SELECT on table S to role2.
> role1 REVOKE column priviledge SELECT on column S(SNO) from role2.
As I understand the SQL spec, the first (table-level) GRANT you specified
would be equivalent to repeating an appropriate column-level GRANT for
every column of S. My thought was to check the column privs and apply
this logic:
if user matches an acl for the column .. and priv is granted, then permit .. else priv is not granted, rejectelse
fallthrough to table privileges
> 2. deal with circles in GRANT graph.
Can you give an examle for how this is any different for column-level
GRANTs?
-- kevin brintnall =~ <kbrint@rufus.net>