Re: [HACKERS] Allow GRANT/REVOKE permissions to be applied to all schema objects with one command

Fri, 28 Jan 2005 12:25:56 -0800 

Hi everybody,

I thought a little bit on possible GRANT syntax for granting to groups of objects.

In general, we have the following entities we can grant permissions to:

1. TABLE
2. DATABASE
3. FUNCTION
4. LANGUAGE
5. SCHEMA
6. TABLESPACE

since the requirement is to grant to all objects in a given schema (hope this still holds true) we are interested in:

TABLE
FUNCTION
LANGUAGE

The others (DATABASE, SCHEMA, TABLESPACE) are basically ruled out. I suspect that the majority of users like to grant to TABLE's and FUNCTIONS most of the time rather than LANGUAGE (correct me if i'm wrong).

This reduces the question to TABLE's and probably FUNCTION's. Now we have two choices:

a) accept some sort of wildcard for the grant on table syntax:
   GRANT ... ON TABLE schema.*

b) use something like CASCADE for the grant on schema syntax:
GRANT ... ON SCHEMA CASCADE
In this case the grant on schema's need to swallow the permissions
(SELECT, INSERT, UPDATE ...) which are intended for TABLES. This seems to me
kind of strange.

therefore I vote for Syntax a)

What do you think?

cheers,

Matthias



Hi Tom + *,

as I learned from severall posts this TODO splits into two distinct TODO's

TODO1: Allow GRANT/REVOKE permissions to be applied to all schema objects with one command.
TODO2: Assign Permissions to schemas wich get automatically inherited by objects created in the schema.

my questions are:

a) should we pursue both of them?
b) how can a syntax for TODO1 look like? Anchored at 'GRANT ... ON SCHEMA' or 'GRANT ... ON <objecttype>' ?

greetings,

Matthias

----------------------------------------------------------------------
Matthias Schmidt
Viehtriftstr. 49

67346 Speyer
GERMANY

Tel.: +49 6232 4867
Fax.: +49 6232 640089


---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

              http://archives.postgresql.org


----------------------------------------------------------------------
Matthias Schmidt
Viehtriftstr. 49

67346 Speyer
GERMANY

Tel.: +49 6232 4867
Fax.: +49 6232 640089


---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
     subscribe-nomail command to [EMAIL PROTECTED] so that your
     message can get through to the mailing list cleanly

Reply via email to