Re: about truncate

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: David Fetter <david(at)fetter(dot)org>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-hackers(at)postgresql(dot)org, Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec>
Subject: Re: about truncate
Date: 2009-01-08 12:39:52
Message-ID: 4965F418.1050104@gmx.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

David Fetter wrote:
> +1 for adding recursion to GRANT/REVOKE :)

This area is under SQL standard control, so we can't really invent our
own behavior.

Consider the following:

CREATE TABLE persons (name, email);
CREATE TABLE employees (grade, salary) INHERITS (persons);

GRANT SELECT ON persons TO allstaff; -- ???
GRANT SELECT ON employees TO managers;

What you want in practice is that allstaff can read only those columns
of employees that come from the persons table. Both recursive and
nonrecursive GRANT do the wrong thing here.

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2009-01-08 12:58:44 Re: New patch for Column-level privileges
Previous Message Simon Riggs 2009-01-08 12:38:02 Re: Latest version of Hot Standby patch