| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | josh(at)agliodbs(dot)com |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [pgsql-hackers] Allow GRANT/REVOKE permissions to be applied to all schema |
| Date: | 2005-01-29 00:39:00 |
| Message-ID: | 28910.1106959140@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Josh Berkus <josh(at)agliodbs(dot)com> writes:
> Hmm, what about using, ALL and NEW? i.e.
> GRANT SELECT ON NEW TABLES IN public TO phpuser;
> GRANT SELECT ON ALL TABLES IN public TO phpuser;
That seems good to me. More generally it would be
GRANT perm [,...] ON NEW/ALL TABLES IN schema [,...] TO user [,...]
which leaves us the freedom to later add
GRANT perm [,...] ON NEW/ALL FUNCTIONS IN schema [,...] TO user [,...]
and so on.
> Of course, this assumes that tables named "new" or "all" are not possible ...
> are those reserved?
As long as you aren't allowed to omit the word "TABLES", I think we can
do this without making ALL or NEW any more reserved than they are
already. I haven't actually tried it in bison though.
TABLES (and later FUNCTIONS, etc) isn't a keyword at all right now IIRC,
but as long as we can do this without making it reserved, I think that's
not a big objection.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2005-01-29 00:43:14 | Re: [pgsql-hackers] Allow GRANT/REVOKE permissions to be applied to all schema |
| Previous Message | Josh Berkus | 2005-01-29 00:33:58 | Re: [pgsql-hackers] Allow GRANT/REVOKE permissions to be applied to all schema |