From: | Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> |
---|---|
To: | Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com> |
Cc: | alvarezp(at)alvarezp(dot)ods(dot)org, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Per-user schemas with inherited skeleton. |
Date: | 2009-01-08 06:39:38 |
Message-ID: | 49659FAA.3040007@postnewspapers.com.au |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Scott Marlowe wrote:
>>> Is there a way to let PostgreSQL to allow inherited tables to be owned
>>> by different roles?
>> Not that I know of, and given the security implications I'd be a bit nervous
>> about it unless it was done via an explicitly GRANTed right.
>
> I hope here you're meaning to have tables that are inheritable by
> various non-role members. It works as long as everyone's in the same
> group role with the right permissions. Since you'd have to change
> ownership to the group role for the parent table, everyone would, in
> effect, own it now. But if you wanna do it...
That's right - I refer to inheritance by a user that's not a member of
the role that owns the table.
If the inheriting users *are* a member of the owning role of the parent
table, then they can select and update the shared-structure part of
OTHER users' records via the parent table, as well as their own. IIRC
they can delete other users records via the parent table, too. Not ideal
if the various users are supposed to be blind to each others' data, as
appears to be the case here.
--
Craig Ringer
From | Date | Subject | |
---|---|---|---|
Next Message | Sherman Brown | 2009-01-08 06:58:15 | SQL state: 22P02 Error during a COPY FROM a CSV file |
Previous Message | Scott Marlowe | 2009-01-08 05:58:34 | Re: Per-user schemas with inherited skeleton. |