* Andrew Dunstan <and...@dunslane.net> [090630 09:08]: > > > Aidan Van Dyk wrote: >> >> *especially* if those grants remain "by reference", i.e. If I change the >> GRANTS/REVOKES on sensitive_table, those are automatically "apply" to all >> tables created with the "WITH GRANTS LIKE sensitive_table"... >> >> >> > > Isn't that exactly what Tom is objecting to, namely that the permissions > of an object would not be contained entirely in catalog entry for the > object itself?
Well, it depends on how it's done... If one of the permissions on an object you can assign is "look at $X", the you don't get the "hidden permissions" problem. The object itself still contains everything you need to "trace" the permissions of an object... I have no idea if it's something that even half-aligns with the internal permission model/code... a. -- Aidan Van Dyk Create like a god, ai...@highrise.ca command like a king, http://www.highrise.ca/ work like a slave.
signature.asc
Description: Digital signature