| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Petr Jelinek <pjmodos(at)pjmodos(dot)net> |
| Subject: | Re: GRANT ON ALL IN schema |
| Date: | 2009-06-17 14:44:24 |
| Message-ID: | 200906171744.24456.peter_e@gmx.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wednesday 17 June 2009 17:15:04 Tom Lane wrote:
> Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> > I think you should design this with a bit wider scope. Instead of just
> > "all tables in this schema", think "all tables satisfying some
> > condition". It has been requested, for example, to be able to grant on
> > all tables that match a pattern.
>
> I'm against that. Functionality of that sort is available now if you
> really need it (write a plpgsql loop around an EXECUTE) and it's fairly
> hard to see a clean syntax that is significantly more general than
> "GRANT ON schema.*". In particular I strongly advise against getting
> into supporting user-defined predicates in GRANT. There are good
> reasons for not having utility statements evaluate random expressions.
Why don't we tell people to write a plpgsql loop for the schema.* case as
well?
I haven't seen any evidence that the schema.* case is more common than other
bulk DDL cases like "matches pattern" or "owned by $user" or "grant on all
functions that are not security definer" etc.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2009-06-17 14:47:32 | Re: GRANT ON ALL IN schema |
| Previous Message | Stephen Frost | 2009-06-17 14:44:07 | Re: GRANT ON ALL IN schema |