Обсуждение: Strange inconsistency using psql
I had to do some privilege assignments this morning on a bunch of tables, sequences, functions, and views. On all of theseobject, I generally try to use a command like: GRANT all ON TABLE x TO new_user; Where TABLE is either that object or a SEQUENCE or FUNCTION. These all worked perfectly for me. What did not work was specifyingthat the object was a VIEW. The system would spit out a syntax error at the object’s name being specified, however,if I omitted the word VIEW, and not specify the type of object, then the GRANT succeeded. Was this intentional behavior, or is the grammar slightly amiss? All the other types of objects worked perfectly with thisstyle of command. — Jay Sent from my iPad
On Wed, Dec 18, 2019 at 12:29 PM John Scalia <jayknowsunix@gmail.com> wrote:
I had to do some privilege assignments this morning on a bunch of tables, sequences, functions, and views. On all of these object, I generally try to use a command like:
GRANT all ON TABLE x TO new_user;
Where TABLE is either that object or a SEQUENCE or FUNCTION. These all worked perfectly for me. What did not work was specifying that the object was a VIEW. The system would spit out a syntax error at the object’s name being specified, however, if I omitted the word VIEW, and not specify the type of object, then the GRANT succeeded.
Was this intentional behavior, or is the grammar slightly amiss? All the other types of objects worked perfectly with this style of command.
—
Jay
Sent from my iPad
There is no VIEW clause to the GRANT command. The TABLE clause is actually optional in the command when setting privileges on tables or views. And generally you can use the privileges used on tables when setting privileges on views.
Keith
Correct, but my question really is, why is VIEW different from all the other types of objects? Shouldn’t the word VIEW also be an optional qualifier for the name of the object? Inconsistency strikes me as an oversight.
Sent from my iPad
On Dec 18, 2019, at 12:41 PM, Keith <keith@keithf4.com> wrote:
On Wed, Dec 18, 2019 at 12:29 PM John Scalia <jayknowsunix@gmail.com> wrote:I had to do some privilege assignments this morning on a bunch of tables, sequences, functions, and views. On all of these object, I generally try to use a command like:
GRANT all ON TABLE x TO new_user;
Where TABLE is either that object or a SEQUENCE or FUNCTION. These all worked perfectly for me. What did not work was specifying that the object was a VIEW. The system would spit out a syntax error at the object’s name being specified, however, if I omitted the word VIEW, and not specify the type of object, then the GRANT succeeded.
Was this intentional behavior, or is the grammar slightly amiss? All the other types of objects worked perfectly with this style of command.
—
Jay
Sent from my iPadThere is no VIEW clause to the GRANT command. The TABLE clause is actually optional in the command when setting privileges on tables or views. And generally you can use the privileges used on tables when setting privileges on views.Keith
John Scalia <jayknowsunix@gmail.com> writes:
> Correct, but my question really is, why is VIEW different from all the other types of objects?
It's not really -- GRANT considers all kinds of privilege-grantable
relations to be "tables", with the exception of sequences which are
different because they have a different set of applicable privileges.
If we treated views specially here then we'd also have to treat
materialized views and foreign tables as distinct things-to-grant-on,
which seems like mostly clutter.
The history of ALTER TABLE is an analogy, which I guess you could
read as support for either side. Originally PG just had ALTER TABLE
and it worked on all relation kinds (for which the ALTER was sensible).
We've since grown ALTER VIEW etc, but I don't think their coverage of
the ALTER TABLE options is quite complete --- and anyway we still let
you say ALTER TABLE, for backwards-compatibility reasons.
regards, tom lane