From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "Daniel Verite" <daniel(at)manitou-mail(dot)org> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Do we want SYNONYMS? |
Date: | 2010-12-07 01:44:59 |
Message-ID: | 6042.1291686299@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
"Daniel Verite" <daniel(at)manitou-mail(dot)org> writes:
> Michael C Rosenstein wrote:
>> Oracle "schema" == Postgres "database": a collection of objects
>> (tables, functions, triggers, views, etc) owned by a user.
> That definition applies to an Oracle schema, but not to a postgres database.
> Objects inside a postgres database are not confined to a unique owner. Even
> objects inside the same postgres schema don't have that constraint.
Hmm, perhaps that's related to something that was confusing me. The
Oracle page that Michael linked to says that synonyms can
* Mask the name and owner of an object
* Enable restricted access similar to specialized views when
exercising fine-grained access control
Taken at face value from a Postgres perspective, these statements seem
to imply that different ownership and permissions apply to a synonym
than to its referenced object; which seems like a completely horrid idea
from a security standpoint. But maybe they are only trying to say that
a synonym hides which *schema* the referenced object is in, and that is
tantamount to hiding the owner if you have the mindset that owner ==
schema. Can anyone elucidate on just what is behind those statements?
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Brent Wood | 2010-12-07 03:38:51 | Re: COPY FROM and INSERT INTO rules |
Previous Message | Daniel Verite | 2010-12-07 01:10:20 | Re: Do we want SYNONYMS? |