Hello,
I tried to generalize a function that creates partitions
for a table and found out it's impossible to do it for grants.
Basically, what I want is a child table that takes it's grants
from parent table. IMHO quite reasonable request. But I don't
see a way to do it in pl/pgsql. (Writing parser in plpgsql
for aclitemout() output does not count.)
The form for the create statement is:
CREATE TABLE part (
[pre-9.0] LIKE parent INCLUDING INDEXES INCLUDING CONSTRAINTS
[9.0+] LIKE parent INCLUDING ALL -- skips grants
) INHERITS (parent);
Unless I'm missing something obvious, there is no way to take grants
from parent table.
My suggestions:
1) Have 'GRANTS' option for LIKE. Seems obvious.
2) Include 'GRANTS' option in 'ALL'. Also obvious.
3) Have a way to format aclitem into something
that can used to create GRANT statement easily. Eg:
pg_get_privilege_info(
IN priv aclitem,
OUT rolename text,
OUT privlist text[],
OUT privlist_with_grant_option text[]);
This allows doing complex introspection in pl/pgsql
and also helps tools that want to re-create table structure
in other databases.
Although 1)+2) and 3) seem like alternatives, I suggest doing all of them,
thus improving GRANT usage across the board.
Comments?
--
marko
NB: this mail is about designing and accepting TODO-items.
I might do them myself sometime, but I don't mind if anyone
implements them before me..
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
