Re: Default permissisons from schemas

On 1/24/07, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> err, what proposal wasn't touching the GRANT syntax at all but rather

right, but the original proposal did:
# %Allow GRANT/REVOKE permissions to be applied to all schema objects
with one command

which was more or less (with the NEW TABLES flavor of the command)
duplicated by:

# Allow GRANT/REVOKE permissions to be inherited by objects based on
schema permissions

and your proposal would make alter schema (and presumably create
schema) the only command(s) that deal with privileges excluding
grant/revoke. That, IMO is actually a bad thing...a surprising
behavior. I think the 'new tables' form is better but has the same
problems as your proposal in that it does not disambiguate sequences
from tables, etc. It would however solve (I think!) your problem
without resorting to ownership delegation.

>I don't think it makes sense to have this syntax be part of the GRANT
syntax since it's really about a schema..

So, basically I disagree with the above, and agree with the others wrt
ownership change, but very much agree if it is pratical that having
some mechanism of applying permissions to objects when they are
created depending on which schema they are in is a good thing.

merlin

merlin