Re: Per-user schemas with inherited skeleton.

On Wed, Jan 7, 2009 at 11:39 PM, Craig Ringer
<craig(at)postnewspapers(dot)com(dot)au> wrote:
> Scott Marlowe wrote:
>
>>>> Is there a way to let PostgreSQL to allow inherited tables to be owned
>>>> by different roles?
>>>
>>> Not that I know of, and given the security implications I'd be a bit
>>> nervous
>>> about it unless it was done via an explicitly GRANTed right.
>>
>> I hope here you're meaning to have tables that are inheritable by
>> various non-role members. It works as long as everyone's in the same
>> group role with the right permissions. Since you'd have to change
>> ownership to the group role for the parent table, everyone would, in
>> effect, own it now. But if you wanna do it...
>
> That's right - I refer to inheritance by a user that's not a member of the
> role that owns the table.
>
> If the inheriting users *are* a member of the owning role of the parent
> table, then they can select and update the shared-structure part of OTHER
> users' records via the parent table, as well as their own. IIRC they can
> delete other users records via the parent table, too. Not ideal if the
> various users are supposed to be blind to each others' data, as appears to
> be the case here.

Also alter table gets locked by the child tables. If stan, a member
of sharing, tries to change the inherited table top, which user ted
has inherited, he gets an error saying he has to have alter perms on
ted's table.