Re: Anticipatory privileges

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "John D(dot) Burger" <john(at)mitre(dot)org>
Cc: "pgsql-general postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject: Re: Anticipatory privileges
Date: 2007-02-17 16:57:30
Message-ID: 19787.1171731450@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

"John D. Burger" <john(at)mitre(dot)org> writes:
> How dangerous is it to UPDATE pg_class
> directly, perhaps copying the relacl column for a table that I've
> done by hand with GRANT.

You can do it, and it will seem to work. However, unless you also make
entries in pg_shdepend, bad things will happen if you later drop any of
the users mentioned in the ACL. Your code will also be vulnerable to
breakage in future releases if we change any of these details.

A better approach is to write a plpgsql function that assembles and
EXECUTEs the required GRANT commands.

regards, tom lane

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Karen Hill 2007-02-17 17:06:57 How do I use returning in a view?
Previous Message John D. Burger 2007-02-17 16:33:56 Re: Anticipatory privileges