| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | David Fetter <david(at)fetter(dot)org> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-hackers(at)postgresql(dot)org, Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec> |
| Subject: | Re: about truncate |
| Date: | 2009-01-08 12:39:52 |
| Message-ID: | 4965F418.1050104@gmx.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
David Fetter wrote:
> +1 for adding recursion to GRANT/REVOKE :)
This area is under SQL standard control, so we can't really invent our
own behavior.
Consider the following:
CREATE TABLE persons (name, email);
CREATE TABLE employees (grade, salary) INHERITS (persons);
GRANT SELECT ON persons TO allstaff; -- ???
GRANT SELECT ON employees TO managers;
What you want in practice is that allstaff can read only those columns
of employees that come from the persons table. Both recursive and
nonrecursive GRANT do the wrong thing here.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2009-01-08 12:58:44 | Re: New patch for Column-level privileges |
| Previous Message | Simon Riggs | 2009-01-08 12:38:02 | Re: Latest version of Hot Standby patch |