Robert Haas <robertmh...@gmail.com> writes: > On Tue, Nov 8, 2016 at 9:48 AM, Stephen Frost <sfr...@snowman.net> wrote: >> Second, as always, what's the syntax going to actually be? I don't >> think GRANT SAME PERMISSIONS is going to work out too well in the >> parser, and it seems a bit grotty to me anyway. I do think this should >> be associated with GRANT rather than ALTER TABLE- GRANT is what we use >> for managing privileges on an object.
> One thing to think about is that GRANT sort of implies adding > privileges, but this operation would both add and remove privileges as > necessary. Other things to think about: 1. If you can GRANT x, that generally implies that you can REVOKE x. What would REVOKE SAME PERMISSIONS mean? 2. The GRANT/REVOKE syntax is largely governed by the SQL standard. We risk getting boxed in by picking something that will conflict with future spec extensions in this area. On the whole, I suspect some sort of "ALTER TABLE x COPY PERMISSIONS FROM y" syntax would be better. BTW, please specify what the grantor of the resulting permissions would be. I rather doubt that it should involve blindly copying the source ACL if the user doing the COPY is not the original grantor --- that feels way too much like a security problem waiting to happen. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers