On Thu, Jan 26, 2006 at 10:25:40PM +0800, William ZHANG wrote:
>
> I think we should pay attention to the sematic of table privs and column
> privs.
> Here is some examples.
>
> 1. role1 GRANT table priviledge SELECT on table S to role2.
> role1 REVOKE column priviledge SELECT on column S(SNO) from role2.
As I understand the SQL spec, the first (table-level) GRANT you specified
would be equivalent to repeating an appropriate column-level GRANT for
every column of S. My thought was to check the column privs and apply
this logic:
if user matches an acl for the column
.. and priv is granted, then permit
.. else priv is not granted, reject
else fall through to table privileges
> 2. deal with circles in GRANT graph.
Can you give an examle for how this is any different for column-level
GRANTs?
--
kevin brintnall =~ <[EMAIL PROTECTED]>
---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to [EMAIL PROTECTED] so that your
message can get through to the mailing list cleanly
