| From: | Randall Perry <rgp(at)systame(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Sam Barnett-Cormack <s(dot)barnett-cormack(at)lancaster(dot)ac(dot)uk> |
| Cc: | <olly(at)lfix(dot)co(dot)uk>, <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: How do I grant access to entire database at |
| Date: | 2004-07-28 18:14:40 |
| Message-ID: | BD2D6550.7FABE%rgp@systame.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
What might be nice is a deductive syntax, so you can GRANT ALL and then
remove privileges for certain objects:
GRANT ALL ON DATABASE foo TO user EXCEPT...
> It is perhaps interesting to do something like
> GRANT SELECT ON TABLE foo.* TO user;
> but I'm not sure this is so useful as to be worth enshrining in the
> syntax. You could also argue that it's a potential security hole since
> it'd be mighty easy to grant rights you didn't intend to on objects you
> didn't realize would match the wildcard. (And that'd be true in spades
> if the effect of the command were to automatically grant the same rights
> on matching objects created in the future, which is what I think some of
> the people asking for this sort of thing wanted. But I'm outright
> scared of that idea.)
--
Randall Perry
sysTame
Xserve Web Hosting/Co-location
Website Design/Development
WebObjects Hosting
Mac Consulting/Sales
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Stark | 2004-07-28 20:16:10 | Re: [ADMIN] Secure DB Systems - How to |
| Previous Message | Tom Lane | 2004-07-28 16:58:52 | Re: [HACKERS] Point in Time Recovery |