Re: Do we want SYNONYMS?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Daniel Verite" <daniel(at)manitou-mail(dot)org>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Do we want SYNONYMS?
Date: 2010-12-07 01:44:59
Message-ID: 6042.1291686299@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

"Daniel Verite" <daniel(at)manitou-mail(dot)org> writes:
> Michael C Rosenstein wrote:
>> Oracle "schema" == Postgres "database": a collection of objects
>> (tables, functions, triggers, views, etc) owned by a user.

> That definition applies to an Oracle schema, but not to a postgres database.
> Objects inside a postgres database are not confined to a unique owner. Even
> objects inside the same postgres schema don't have that constraint.

Hmm, perhaps that's related to something that was confusing me. The
Oracle page that Michael linked to says that synonyms can

* Mask the name and owner of an object

* Enable restricted access similar to specialized views when
exercising fine-grained access control

Taken at face value from a Postgres perspective, these statements seem
to imply that different ownership and permissions apply to a synonym
than to its referenced object; which seems like a completely horrid idea
from a security standpoint. But maybe they are only trying to say that
a synonym hides which *schema* the referenced object is in, and that is
tantamount to hiding the owner if you have the mindset that owner ==
schema. Can anyone elucidate on just what is behind those statements?

regards, tom lane

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Brent Wood 2010-12-07 03:38:51 Re: COPY FROM and INSERT INTO rules
Previous Message Daniel Verite 2010-12-07 01:10:20 Re: Do we want SYNONYMS?