"Merlin Moncure" <[EMAIL PROTECTED]> writes:
> Is the price of looking up a schema a deal breaker here, or is it
> possible to avoid it?
My guess is "no" as to both questions. I've never seen any profiles
suggesting that permissions-checking is a significant part of query
startup. In any case, i
> > GRANT SELECT ON ALL TABLES IN public TO phpuser;
> > GRANT SELECT ON NEW TABLES IN public TO phpuser;
>
> > Really better than this?
> > GRANT { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES |
TRIGGER
> > | EXECUTE | CREATE | ALL [ PRIVILEGES ] }ON SCHEMA schemaname [,
> > ...]
>
"Merlin Moncure" <[EMAIL PROTECTED]> writes:
> Is this:
> GRANT SELECT ON ALL TABLES IN public TO phpuser;
> GRANT SELECT ON NEW TABLES IN public TO phpuser;
> Really better than this?
> GRANT { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER
> | EXECUTE | CREATE | ALL [ PRIVILEGES
Matthias wrote:
> I think it is best to code the basic functionallity within the two new
> commands, and see
> how this works out. We can add your idea and others on top of it later
> on.
I think you should do whatever you think is most
appropriate...discussion can of course continue after you hav
Hi Merlin,
sorry - I replied to Tom & PG hackers before I saw you last post.
I think it is best to code the basic functionallity within the two new
commands, and see
how this works out. We can add your idea and others on top of it later
on.
what about that?
cheers,
Matthias
-
> Josh's last suggestion (ALL TABLES IN someschema) seems to me to be a
> reasonable compromise between usefulness, syntactic weirdness, and
> hiding implementation details.
Maybe it is not necessary to extend the syntax to distinguish between
the two cases. Maybe it's worth considering to have n
On Sat, Jan 29, 2005 at 12:01:09AM -0500, Tom Lane wrote:
> Alvaro Herrera <[EMAIL PROTECTED]> writes:
> > What about a list,
>
> > GRANT ... ON TABLE table1, table2, ... TO user1, user2, ...;
>
> We already allow a list (and have since at least 7.0).
>
> > It would be good if it was a list of w
Alvaro Herrera <[EMAIL PROTECTED]> writes:
> What about a list,
> GRANT ... ON TABLE table1, table2, ... TO user1, user2, ...;
We already allow a list (and have since at least 7.0).
> It would be good if it was a list of wildcards.
I'm a bit itchy about allowing wildcards --- it doesn't seem to
Alvaro Herrera wrote:
> On Fri, Jan 28, 2005 at 09:17:46PM +0100, Matthias Schmidt wrote:
>
> > a) accept some sort of wildcard for the grant on table syntax:
> >GRANT ... ON TABLE schema.*
>
> What about a list,
>
> GRANT ... ON TABLE table1, table2, ... TO user1, user2, ...;
>
> It would
On Fri, Jan 28, 2005 at 09:17:46PM +0100, Matthias Schmidt wrote:
> a) accept some sort of wildcard for the grant on table syntax:
>GRANT ... ON TABLE schema.*
What about a list,
GRANT ... ON TABLE table1, table2, ... TO user1, user2, ...;
It would be good if it was a list of wildcards. No
"Merlin Moncure" <[EMAIL PROTECTED]> writes:
>> You left out SEQUENCES.
> And views, but he was just listing the acceptable targets to the 'grant'
> command. Basically, views and sequences are treated as tables in this
> respect.
Right. Also, LANGUAGEs do not live within schemas, so they drop o
> > 1. TABLE
> > 2. DATABASE
> > 3. FUNCTION
> > 4. LANGUAGE
> > 5. SCHEMA
> > 6. TABLESPACE
>
> You left out SEQUENCES.
And views, but he was just listing the acceptable targets to the 'grant'
command. Basically, views and sequences are treated as tables in this
respect.
Merlin
--
On Fri, Jan 28, 2005 at 21:17:46 +0100,
Matthias Schmidt <[EMAIL PROTECTED]> wrote:
> Hi everybody,
>
> I thought a little bit on possible GRANT syntax for granting to groups
> of objects.
>
> In general, we have the following entities we can grant permissions to:
>
> 1. TABLE
> 2. DATABASE
>
Hi everybody,
I thought a little bit on possible GRANT syntax for granting to groups
of objects.
In general, we have the following entities we can grant permissions to:
1. TABLE
2. DATABASE
3. FUNCTION
4. LANGUAGE
5. SCHEMA
6. TABLESPACE
since the requirement is to grant to all objects in a given
> TODO1: Allow GRANT/REVOKE permissions to be applied to all schema
> objects with one command.
> TODO2: Assign Permissions to schemas wich get automatically inherited
> by objects created in the schema.
>
> a) should we pursue both of them?
> b) how can a syntax for TODO1 look like? Anchored at '
Hi Tom + *,
as I learned from severall posts this TODO splits into two distinct
TODO's
TODO1: Allow GRANT/REVOKE permissions to be applied to all schema
objects with one command.
TODO2: Assign Permissions to schemas wich get automatically inherited
by objects created in the schema.
my question
16 matches
Mail list logo