Обсуждение: restrict column-level GRANTs to a single relation?

Fellow hackers,

I'm curious about the best way to handle something like this:
   GRANT SELECT (col1, col2, col3) ON table1, table2 TO grantee;

Is it reasonable to restrict this to a single relation, and throw an error
if multiple relations are specified?  That would require the preceding
grant to be specified as:
   GRANT SELECT (col1, col2, col3) ON table1 TO grantee;   GRANT SELECT (col1, col2, col3) ON table2 TO grantee;

The SQL standards don't seem to mandate the first form (unless I
misread?)..  Do y'all think this is a reasonable compromise?

-- kevin brintnall =~ <kbrint@rufus.net>

Am Donnerstag, 19. Januar 2006 09:50 schrieb kevin brintnall:
>     GRANT SELECT (col1, col2, col3) ON table1, table2 TO grantee;
>
> Is it reasonable to restrict this to a single relation, and throw an error
> if multiple relations are specified?

Yes

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/

kevin brintnall <kbrint@rufus.net> writes:
>     GRANT SELECT (col1, col2, col3) ON table1, table2 TO grantee;

> Is it reasonable to restrict this to a single relation, and throw an error
> if multiple relations are specified?

The SQL spec doesn't actually allow multiple things after GRANT ... ON
--- that's a PG extension.  So you could make the restriction and not
violate the spec.  OTOH it seems unlikely that this would save much.
        regards, tom lane