Re: [HACKERS] grants
On Wed, 10 Mar 2004, Andreas Pflug wrote:
> Kris Jurka wrote:
>
> >On Wed, 10 Mar 2004, Andreas Pflug wrote:
> >
> >The problem that cannot be solved with either this or a function that
> >loops and grants on each table is that it is not a permanent grant of what
> >the admin had in mind. If a new table is added or an existing table is
> >dropped and recreated, the grants must be done again. The real use of a
> >SELECT ANY TABLE permission is ignorance of schema updates.
> >
> >
> Hm, does this exist in other DBMS?
> As soon as roles are implemented, there might be a default role
> ('public') for this. Until then, using groups solves most of the
> problems (well, you certainly still need to GRANT rights to your
> preferred group).
>
Groups help, but only if you want to GRANT to more than one user, and you
still need to do it on after schema changes. I know this is implemented
in at least Oracle, SELECT ANY TABLE is in fact the permission
name used.
Kris Jurka
---(end of broadcast)---
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])
Re: [HACKERS] grants
Kris Jurka wrote:
On Wed, 10 Mar 2004, Andreas Pflug wrote:
Edgar Mares wrote:
hi there i'm having troubles to find how to
GRANT SELECT ON all-tables-onmydb TO specificuser
this is just to give the access to "specificuser" to query the
database and find troubles on it
pgAdmin II has a tool for that (Security wizard; pgAdmin III has it on
the todo-list)
The problem that cannot be solved with either this or a function that
loops and grants on each table is that it is not a permanent grant of what
the admin had in mind. If a new table is added or an existing table is
dropped and recreated, the grants must be done again. The real use of a
SELECT ANY TABLE permission is ignorance of schema updates.
Hm, does this exist in other DBMS?
As soon as roles are implemented, there might be a default role
('public') for this. Until then, using groups solves most of the
problems (well, you certainly still need to GRANT rights to your
preferred group).
Regards,
Andreas
---(end of broadcast)---
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
Re: [HACKERS] grants
On Wed, 10 Mar 2004, Andreas Pflug wrote: > Edgar Mares wrote: > > > hi there i'm having troubles to find how to > > GRANT SELECT ON all-tables-onmydb TO specificuser > > > > this is just to give the access to "specificuser" to query the > > database and find troubles on it > > pgAdmin II has a tool for that (Security wizard; pgAdmin III has it on > the todo-list) > The problem that cannot be solved with either this or a function that loops and grants on each table is that it is not a permanent grant of what the admin had in mind. If a new table is added or an existing table is dropped and recreated, the grants must be done again. The real use of a SELECT ANY TABLE permission is ignorance of schema updates. Kris Jurka ---(end of broadcast)--- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])
Re: [HACKERS] grants
Edgar Mares wrote: hi there i'm having troubles to find how to GRANT SELECT ON all-tables-onmydb TO specificuser this is just to give the access to "specificuser" to query the database and find troubles on it pgAdmin II has a tool for that (Security wizard; pgAdmin III has it on the todo-list) Regards, Andreas ---(end of broadcast)--- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
Re: [HACKERS] grants
hi there i'm having troubles to find how to GRANT SELECT ON all-tables-onmydb TO specificuser There isn't any such command. You need to write a stored procedure to do it for you in a loop. Chris ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
[HACKERS] grants
hi there i'm having troubles to find how to GRANT SELECT ON all-tables-onmydb TO specificuser this is just to give the access to "specificuser" to query the database and find troubles on it thnx for your time ---(end of broadcast)--- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])
