Re: [HACKERS] grants
On Wed, 10 Mar 2004, Andreas Pflug wrote: > Kris Jurka wrote: > > >On Wed, 10 Mar 2004, Andreas Pflug wrote: > > > >The problem that cannot be solved with either this or a function that > >loops and grants on each table is that it is not a permanent grant of what > >the admin had in mind. If a new table is added or an existing table is > >dropped and recreated, the grants must be done again. The real use of a > >SELECT ANY TABLE permission is ignorance of schema updates. > > > > > Hm, does this exist in other DBMS? > As soon as roles are implemented, there might be a default role > ('public') for this. Until then, using groups solves most of the > problems (well, you certainly still need to GRANT rights to your > preferred group). > Groups help, but only if you want to GRANT to more than one user, and you still need to do it on after schema changes. I know this is implemented in at least Oracle, SELECT ANY TABLE is in fact the permission name used. Kris Jurka ---(end of broadcast)--- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])
Re: [HACKERS] grants
Kris Jurka wrote: On Wed, 10 Mar 2004, Andreas Pflug wrote: Edgar Mares wrote: hi there i'm having troubles to find how to GRANT SELECT ON all-tables-onmydb TO specificuser this is just to give the access to "specificuser" to query the database and find troubles on it pgAdmin II has a tool for that (Security wizard; pgAdmin III has it on the todo-list) The problem that cannot be solved with either this or a function that loops and grants on each table is that it is not a permanent grant of what the admin had in mind. If a new table is added or an existing table is dropped and recreated, the grants must be done again. The real use of a SELECT ANY TABLE permission is ignorance of schema updates. Hm, does this exist in other DBMS? As soon as roles are implemented, there might be a default role ('public') for this. Until then, using groups solves most of the problems (well, you certainly still need to GRANT rights to your preferred group). Regards, Andreas ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
Re: [HACKERS] grants
On Wed, 10 Mar 2004, Andreas Pflug wrote: > Edgar Mares wrote: > > > hi there i'm having troubles to find how to > > GRANT SELECT ON all-tables-onmydb TO specificuser > > > > this is just to give the access to "specificuser" to query the > > database and find troubles on it > > pgAdmin II has a tool for that (Security wizard; pgAdmin III has it on > the todo-list) > The problem that cannot be solved with either this or a function that loops and grants on each table is that it is not a permanent grant of what the admin had in mind. If a new table is added or an existing table is dropped and recreated, the grants must be done again. The real use of a SELECT ANY TABLE permission is ignorance of schema updates. Kris Jurka ---(end of broadcast)--- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])
Re: [HACKERS] grants
Edgar Mares wrote: hi there i'm having troubles to find how to GRANT SELECT ON all-tables-onmydb TO specificuser this is just to give the access to "specificuser" to query the database and find troubles on it pgAdmin II has a tool for that (Security wizard; pgAdmin III has it on the todo-list) Regards, Andreas ---(end of broadcast)--- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
Re: [HACKERS] grants
hi there i'm having troubles to find how to GRANT SELECT ON all-tables-onmydb TO specificuser There isn't any such command. You need to write a stored procedure to do it for you in a loop. Chris ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
[HACKERS] grants
hi there i'm having troubles to find how to GRANT SELECT ON all-tables-onmydb TO specificuser this is just to give the access to "specificuser" to query the database and find troubles on it thnx for your time ---(end of broadcast)--- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])