Re: [PATCH] allow has_table_privilege(..., 'usage') on sequences

"Jaime Casanova" <jcasanov(at)systemguards(dot)com(dot)ec> writes:
> On Thu, Aug 7, 2008 at 3:08 AM, Abhijit Menon-Sen <ams(at)oryx(dot)com> wrote:
>> I just noticed, to my dismay, that has_table_privilege() does not allow
>> me to check for usage privileges on sequences.

> Maybe we want a new function has_sequence_privilege() instead?

Yeah, that seems like the $64 question for this patch. The presented
patch is certainly simple (it lacks only documentation to be considered
committable). The question is do we want to fuzz things up to the
extent of pretending that USAGE is a table privilege. The GRANT code
certainly doesn't think so:

regression=# grant usage on table t1 to joe;
ERROR: invalid privilege type USAGE for table

and in fact aclchk.c devotes quite a few lines of code to making sure
that sequence and table privileges are kept appropriately distinct.

As of right now, the proposed patch looks like a nice easy solution to a
minor problem. But I'm concerned that we might be backing ourselves
into a corner by inserting this inconsistency --- some day it might
cause a real problem. It also seems that it would be throwing away
a lot of hard work that was already put into aclchk.c to maintain the
distinction.

So I'm thinking it would be better to invent a has_sequence_privilege
family of functions.

On the other hand, that would require a couple hundred lines of new code
and docs. Even though it'd be a pretty easy copy-and-paste task,
perhaps that's overkill for what I have to admit is a mostly
hypothetical worry about future inconsistency.

Thoughts?

regards, tom lane