From: | Abhijit Menon-Sen <ams(at)toroid(dot)org> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org |
Cc: | Petr Jelinek <pjmodos(at)pjmodos(dot)net> |
Subject: | Re: GRANT ON ALL IN schema |
Date: | 2009-09-20 14:50:11 |
Message-ID: | 20090920145011.GA24273@toroid.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
(This is a partial review of the grantonall-20090810v2.diff patch posted
by Petr Jelinek on 2009-08-10 (hi PJMODOS!). See
http://archives.postgresql.org/message-id/4A7F5853.5010506@pjmodos.net
for the original message.)
I have not yet been able to do a complete review of this patch, but I am
posting this because I'll be travelling for a week starting tomorrow. My
comments are based mostly on reading the patch, and not on any intensive
testing of the feature. I have left the patch status unchanged at "needs
review", although I think it's close to "ready for committer".
I really like this patch. It's easy to understand and written in a very
straightforward way, and addresses a real need that comes up time and
again on various support fora. I have only a couple of minor comments.
1. The patch did apply to HEAD and build cleanly, but there are now a
couple of minor (documentation) conflicts. (Sorry, I would have fixed
them and reposted a patch, but I'm running out of time right now.)
> *** a/doc/src/sgml/ref/grant.sgml
> --- b/doc/src/sgml/ref/grant.sgml
> [...]
>
> <para>
> + There is also the possibility of granting permissions to all objects of
> + given type inside one or multiple schemas. This functionality is supported
> + for tables, views, sequences and functions and can done by using
> + ALL {TABLES|SEQUENCES|FUNCTIONS} IN SCHEMA schemaname syntax in place
> + of object name.
> + </para>
> +
> + <para>
2. Here I suggest the following wording:
<para>
You can also grant permissions on all tables, sequences, or
functions that currently exist within a given schema by specifying
"ALL {TABLES|SEQUENCES|FUNCTIONS} IN SCHEMA schemaname" in place of
an object name.
</para>
3. I believe MySQL's "grant all privileges on foo.* to someone" grants
privileges on all existing objects in foo _but also_ on any objects
that may be created later. This patch only gives you a way to grant
privileges only on the objects currently within a schema. I strongly
prefer this behaviour myself, but I do think the documentation needs
a brief mention of this fact, to avoid surprising people. That's why
I added "that currently exist" to (2), above. Maybe another sentence
that specifically says that objects created later are unaffected is
in order. I'm not sure.
-- ams
From | Date | Subject | |
---|---|---|---|
Next Message | Pavel Stehule | 2009-09-20 15:25:25 | Re: Anonymous code blocks |
Previous Message | Ron Mayer | 2009-09-20 13:21:38 | Re: updated hstore patch |