Re: Latest requests from IRC

Added to TODO:

* Allow GRANT/REVOKE permissions to be given to all schema
objects with one command

---------------------------------------------------------------------------

Tom Lane wrote:
> Bruno Wolff III <bruno(at)wolff(dot)to> writes:
> > Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> wrote:
> >> ... people want to be able to grant on all objects in a
> >> database, etc:
>
> > The right way to do this is to make sure there is a group that has access
> > to "everything" and just add people to the group.
>
> Doesn't seem like that magically solves the problem, though. You still
> have lots of pain involved in granting privs on everything to that
> group.
>
> I don't have any fundamental problem with something like "GRANT SELECT
> ON TABLE * TO foo", seeing as how we already allow grants on multiple
> tables. But we'd have to be very careful about how the scope of the *
> wildcard is defined. For instance, if a superuser does it, does it
> really grant privs on *all* tables? I'd hope that the system catalogs,
> at least, are not implicitly included in the wildcard scope. For lesser
> mortals there is also the question of whether to error out or just
> ignore tables that you don't have privileges for.
>
> Would it make sense to restrict the wildcard to a particular schema, viz
> GRANT SELECT ON TABLE myschema.* TO foo
> This would neatly solve the question of how to exclude the system
> catalogs, and in most scenarios where people are wishing for this,
> I bet they've put all the objects in one schema anyway.
>
> regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to majordomo(at)postgresql(dot)org
>

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073