Re: Why sequence grant is separated from table?

On 19 June 2013 12:06, Rural Hunter <ruralhunter(at)gmail(dot)com> wrote:

> 于 2013/6/19 17:47, Szymon Guz 写道:
>
> On 19 June 2013 11:35, Rural Hunter <ruralhunter(at)gmail(dot)com> wrote:
>
>> I really hate the error "permission denied for sequence xxxxx" when I
>> grant on a table but forget to grant additionally on the related sequence
>> to users. Can the permission of table and related sequences be merged?
>>
>>
> I can imagine a situation where you want a user to be granted rights on
> a table, to use sequence with curval and nextval functions, but not setval,
> as it can provide some database problems.
>
> oh, is it possible to separately grant nextval and setval on sequence
> currently?
>
>
According to http://www.postgresql.org/docs/9.2/static/sql-grant.html

SELECTFor sequences, this privilege also allows the use of the currval
function.

UPDATEFor sequences, this privilege allows the use of the nextval and setval
functions.

>
> What's more, in general, you cannot say which sequence is used for which
> table, if the sequence is not owned by the table.
>
> Can we get it from the column definition such as a serial column?
>
>
Sure we can.

>
> Which permissions of a table do you want to merge with which permissions
> of sequences?
>
> At least granting insert on a table means to grant update on the sequence
> used by serial columns.
>

It could be done. Unfortunately it doesn't cover all cases, like some ORMs
which can use one sequence for many different tables, but of course for
serials it can be done.

Szymon