From: | Andrew Gold <agold(at)cbamedia(dot)com> |
---|---|
To: | pgsql-admin(at)postgresql(dot)org |
Subject: | Re: GRANT ALL PRIVILEGES ON DATABASE |
Date: | 2005-08-17 15:35:06 |
Message-ID: | 4303592A.4070501@cbamedia.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Actually, I read the GRANT man page several times; what you state so
clearly and simply, isn't described so plainly in that document.
I posted because I found the GRANT man page deficient.
Strictly speaking the GRANT man page indicated the following:
-----------------begin quote---------------------------
ALL PRIVILEGES
Grant all of the privileges applicable to the object at once. The
PRIVILEGES key word is optional in PostgreSQL, though it is required by
strict SQL.
-------------------end quote---------------------------
This followed a series of descriptions of various privileges (select,
insert, update, etc.). From the context of the description, it appears
that "GRANT ALL PRIVILEGES" bestows all of the preceding rights on the
recipient user.
It is not at all intuitive that "GRANT ALL PRIVILEGES" gives a user the
right to create schemas and temporary tables, and that alone.
Whether you meant it or not, your initial comment came across as
patronizing.
Andrew Gold
Oliver Elphick wrote:
>On Tue, 2005-08-16 at 16:07 -0700, Andrew Gold wrote:
>
>
>>Obviously, I can write a script to iterate through all the tables, but
>>what exactly does "GRANT ALL PRIVILEGES ON DATABASE XXX" do if it
>>doesn't even grant basic access?
>>
>>
>
>See the man page for GRANT.
>
>It gives the right to create schemas and temporary tables in the
>database.
>
>
>
From | Date | Subject | |
---|---|---|---|
Next Message | Bruno Wolff III | 2005-08-17 15:54:55 | Re: GRANT ALL PRIVILEGES ON DATABASE |
Previous Message | D Kavan | 2005-08-17 15:24:31 | Re: vacuumdb -a -f |