Re: Allow GRANT/REVOKE permissions to be applied to all schema objects with one command

Поиск
Список
Период
Сортировка
От Matthias Schmidt
Тема Re: Allow GRANT/REVOKE permissions to be applied to all schema objects with one command
Дата
Msg-id AC7B503A-7169-11D9-882A-000393AA75A0@mock-software.de
обсуждение исходный текст
Ответ на Allow GRANT/REVOKE permissions to be applied to all schema objects with one command  (Matthias Schmidt <schmidtm@mock-software.de>)
Ответы Re: Allow GRANT/REVOKE permissions to be applied to all schema objects with one command  (Bruno Wolff III <bruno@wolff.to>)
Re: Allow GRANT/REVOKE permissions to be applied to all schema objects with one command  (Alvaro Herrera <alvherre@dcc.uchile.cl>)
Список pgsql-hackers
Дерево обсуждения 
Hi everybody,

I thought a little bit on possible GRANT syntax for granting to groups 
of objects.

In general, we have the following entities we can grant permissions to:

1. TABLE
2. DATABASE
3. FUNCTION
4. LANGUAGE
5. SCHEMA
6. TABLESPACE

since the requirement is to grant to all objects in a given schema 
(hope this still holds true) we are interested in:

TABLE
FUNCTION
LANGUAGE

The others (DATABASE, SCHEMA, TABLESPACE) are basically ruled out. I 
suspect that the majority of users like to grant to TABLE's and 
FUNCTIONS most of the time rather than LANGUAGE (correct me if i'm 
wrong).

This reduces the question to TABLE's and probably FUNCTION's. Now we 
have two choices:

a) accept some sort of wildcard for the grant on table syntax:   GRANT ... ON TABLE schema.*

b) use something like CASCADE for the grant on schema syntax:   GRANT ... ON SCHEMA CASCADE   In this case the grant on
schema'sneed to swallow the permissions   (SELECT, INSERT, UPDATE ...) which are intended for TABLES. This 
 
seems to me   kind of strange.

therefore I vote for Syntax a)

What do you think?

cheers,

Matthias



> Hi Tom + *,
>
> as I learned from severall posts this TODO splits into two distinct 
> TODO's
>
> TODO1: Allow GRANT/REVOKE permissions to be applied to all schema 
> objects with one command.
> TODO2: Assign Permissions to schemas wich get automatically inherited 
> by objects created in the schema.
>
> my questions are:
>
> a) should we pursue both of them?
> b) how can a syntax for TODO1 look like? Anchored at 'GRANT ... ON 
> SCHEMA' or 'GRANT ... ON <objecttype>' ?
>
> greetings,
>
> Matthias
>
> ----------------------------------------------------------------------
> Matthias Schmidt
> Viehtriftstr. 49
>
> 67346 Speyer
> GERMANY
>
> Tel.: +49 6232 4867
> Fax.: +49 6232 640089
>
>
> ---------------------------(end of 
> broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
>               http://archives.postgresql.org
>
>
----------------------------------------------------------------------
Matthias Schmidt
Viehtriftstr. 49

67346 Speyer
GERMANY

Tel.: +49 6232 4867
Fax.: +49 6232 640089

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: Group-count estimation statistics
Следующее
От: Andrew Dunstan
Дата:
Сообщение: Re: -HEAD on FreeBSD 6-CURRENT build failures