Обсуждение: restrict column-level GRANTs to a single relation?
Fellow hackers, I'm curious about the best way to handle something like this: GRANT SELECT (col1, col2, col3) ON table1, table2 TO grantee; Is it reasonable to restrict this to a single relation, and throw an error if multiple relations are specified? That would require the preceding grant to be specified as: GRANT SELECT (col1, col2, col3) ON table1 TO grantee; GRANT SELECT (col1, col2, col3) ON table2 TO grantee; The SQL standards don't seem to mandate the first form (unless I misread?).. Do y'all think this is a reasonable compromise? -- kevin brintnall =~ <kbrint@rufus.net>
Am Donnerstag, 19. Januar 2006 09:50 schrieb kevin brintnall: > GRANT SELECT (col1, col2, col3) ON table1, table2 TO grantee; > > Is it reasonable to restrict this to a single relation, and throw an error > if multiple relations are specified? Yes -- Peter Eisentraut http://developer.postgresql.org/~petere/
kevin brintnall <kbrint@rufus.net> writes: > GRANT SELECT (col1, col2, col3) ON table1, table2 TO grantee; > Is it reasonable to restrict this to a single relation, and throw an error > if multiple relations are specified? The SQL spec doesn't actually allow multiple things after GRANT ... ON --- that's a PG extension. So you could make the restriction and not violate the spec. OTOH it seems unlikely that this would save much. regards, tom lane