On Tue, 2009-07-07 at 11:16 -0400, Tom Lane wrote:
> Simon Riggs <si...@2ndquadrant.com> writes:
> > I would like to see
> > GRANT ... ON ALL OBJECTS ...
>
> This seems inherently broken, since different types of objects
> will have different grantable privileges.
>
> > (I'm sure we can do something intelligent with privileges that don't
> > apply to all object types rather than just fail. e.g. UPDATE privilege
> > should be same as USAGE on a sequence.)
>
> Anything you do in that line will be an ugly kluge, and will tend to
> encourage insecure over-granting of privileges (ie GRANT ALL ON ALL
> OBJECTS ... what's the point of using permissions at all then?)
My perspective would be that privilege systems that are too complex fall into disuse, leading to less security, not more. On any database that has moderate security or better, permissions errors are one of the three errors on production databases. Simplifying the commands, by aggregating them or another way, is likely to yield benefits in usability for a wide range of users.

Unix allows chmod to run against multiple object types. How annoying would it be if you had to issue chmodfile, chmodlink, chmoddir separately for each class of object? (Links don't barf if you try to set their file mode, for example.) We follow the Unix file system in many other ways; why not this one?

--
Simon Riggs www.2ndQuadrant.com
PostgreSQL Training, Services and Support

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
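The per-object-type privilege mapping the two posts argue about (UPDATE on a table versus USAGE on a sequence), shown as an added example that is not from the thread or from PostgreSQL itself: a PL/pgSQL block that grants an application role only the privilege that applies to each relation kind in one schema, instead of GRANT ALL. The schema name `app` and role name `app_rw` are placeholders; DO and format() assume PostgreSQL 9.1 or later.

```sql
-- Added example, not from the thread. Schema 'app' and role 'app_rw'
-- are placeholders. Requires PostgreSQL 9.1+ (DO blocks and format()).
DO $$
DECLARE
    r record;
BEGIN
    FOR r IN
        SELECT c.relname, c.relkind
        FROM pg_class c
        JOIN pg_namespace n ON n.oid = c.relnamespace
        WHERE n.nspname = 'app'
          AND c.relkind IN ('r', 'v', 'S')   -- tables, views, sequences
    LOOP
        IF r.relkind = 'S' THEN
            -- Sequences do not accept INSERT/UPDATE on rows; USAGE is what
            -- nextval() needs, so it is the sequence analogue of UPDATE.
            EXECUTE format('GRANT USAGE ON SEQUENCE app.%I TO app_rw',
                           r.relname);
        ELSIF r.relkind = 'v' THEN
            -- Views get read access only; writes go through the base tables.
            EXECUTE format('GRANT SELECT ON TABLE app.%I TO app_rw',
                           r.relname);
        ELSE
            -- Plain tables: the privileges the application actually uses,
            -- not ALL (no TRUNCATE, REFERENCES, TRIGGER).
            EXECUTE format('GRANT SELECT, INSERT, UPDATE ON TABLE app.%I TO app_rw',
                           r.relname);
        END IF;
    END LOOP;
END
$$;

-- Review what was granted, per relation kind, before signing it off.
SELECT c.relkind, c.relname, c.relacl
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'app'
  AND c.relkind IN ('r', 'v', 'S')
ORDER BY c.relkind, c.relname;
```

The final query is the check a reviewer wants after any bulk grant: relacl shows exactly which privileges each object ended up with, so an over-broad grant is visible before it reaches production.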