Re: Granting all tables in schema by one SQL command
От | Krycek |
---|---|
Тема | Re: Granting all tables in schema by one SQL command |
Дата | |
Msg-id | op.thrylkjeaksevk@aleksy обсуждение исходный текст |
Ответ на | Re: Granting all tables in schema by one SQL command ("Merlin Moncure" <mmoncure@gmail.com>) |
Список | pgsql-hackers |
Dnia 19-10-2006 o 23:14:07 Merlin Moncure <mmoncure@gmail.com> napisał: >> What does "NEW TABLES" mean in this context? > > the point is to allow tables to inherit permissions from the parent > schema. this is actually imo much more important than multiple table > grant [...] There was considerable debate on this topic at the time that > todo was written up. Thanx for reply. Can You give me some link to this discussion? But I still have some doubts wich I want to dispel. If construct with "NEW TABLES" mean "allow tables to inherit permissions from the parent schema" so why point "Allow GRANT/REVOKEpermissions to be inherited by objects based on schema permissions" is separated in TODO list. On my mind I think its the same and please correct me if I'm wrong. To sum up: "GRANT SELECT ON ALL TABLES IN schema_name TO phpuser" mean that all tables in schema will by grated ot once (the same way as one GRANT sql command per relation is schema). "GRANT SELECT ON NEW TABLES IN schema_name TO phpuser" mean that schema "schema_name" will be marked with SELECT privilage and every table or view that will be created in that schema after that command will have SELECT privilage granted to phpuser. I understant that this command doesn't have influence on tables that exists in schema at the moment of its execution. "REVOKE SELECT ON ALL TABLES IN schema_name FROM phpuser" will be the same as "REVOKE SELECT ON table1, table2, table3... FROM phpuser" on all tables in schema. "REVOKE SELECT ON NEW TABLES IN schema_name FROM phpuser" will not exactly revoke any privilage from tables in schema but unmark schema_name default permission for any new table. If so - maby better alternative then construct with "NEW TABLES" is "ALTER SCHEMA schema_name SET NEW_TABLE_PERMISSONS TO privilages TO roles" or "GRANT SELECT, UPDATE... ON SCHEMA schema_name TO roles" (the same as GRANT CREATE for schema) Last is in my opinion the best becouse it uses existing SQL syntax. Moreover due to meaning of "GRANT ... NEW TABLES" that doesn't exactly gives any permission to any table in schema at the moment of its execution but only set default privilage for new object in schema it (in my humble opinion) is more logical. Thanx for reply. -- Best Regards Przemyslaw Kantyka krycek6@wp.pl -- Używam programu pocztowego Opery: http://www.opera.com/mail/
В списке pgsql-hackers по дате отправления: