Re: Sequence privileges

From: Neil Conway <nconway(at)klamath(dot)dyndns(dot)org>
To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: mail(at)joeconway(dot)com, peter_e(at)gmx(dot)net, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Sequence privileges
Date: 2002-05-19 00:00:00
Message-ID: 20020518200000.43b0b36e.nconway@klamath.dyndns.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Sat, 18 May 2002 19:45:30 -0400
"Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Joe Conway <mail(at)joeconway(dot)com> writes:
> > Since the sequence-specific operations are really just function calls,
> > maybe it should be:
> > SELECT: read sequence as a table
> > EXECUTE: all sequence-specific operations.
>
> But is it worth creating a compatibility problem for? Existing pg_dump
> scripts are likely to GRANT UPDATE. They certainly won't say GRANT
> EXECUTE since that doesn't even exist in current releases.
>
> I agree that EXECUTE (or some sequence-specific permission name we might
> think of instead) would be logically cleaner, but I don't think it's
> worth the trouble of coming up with a compatibility workaround.

Well, one possible compatibility workaround would be trivial -- we could
hack GRANT so that doing GRANT UPDATE on sequence relations is
translated into GRANT EXECUTE.

As for whether it's worth the bother, I'm not sure -- neither
solution strikes me as particularly clean.

Cheers,

Neil

--
Neil Conway <neilconway(at)rogers(dot)com>
PGP Key ID: DB3C29FC

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Tatsuo Ishii 2002-05-19 00:03:11 Re: Set-returning function syntax
Previous Message Tom Lane 2002-05-18 23:45:30 Re: Sequence privileges