* Simon Riggs (simon@2ndQuadrant.com) wrote:
> On 16 October 2014 20:04, Robert Haas <robertmhaas@gmail.com> wrote:
> >>> GRANT CAPABILITY whatever TO somebody;
> >>
> >> So, we went back to just role attributes to avoid the keyword issue..
> >> The above would require making 'CAPABILITY' a reserved word, and there
> >> really isn't a 'good' already-reserved word we can use there that I
> >> found.
> >
> > Ah, good point. Using ALTER ROLE is better. Maybe we should do ALTER
> > ROLE .. [ ADD | DROP ] CAPABILITY x. That would still require making
> > CAPABILITY a keyword, but it could be unreserved.
>
> I thought you had it right first time. It is mighty annoying that some
> privileges are GRANTed and others ALTER ROLEd.
Yeah- but there's a material difference in the two, as I tried to
outline previously..
> How about
>
> GRANT EXECUTE [PRIVILEGES] ON CAPABILITY foo TO bar;
>
> That is similar to granting execution privs on a function. And I think
> gets round the keyword issue?
No, it doesn't.. EXECUTE isn't reserved at all.
Thanks,
Stephen