Thread
-
Privileges
Simon Riggs <simon@2ndquadrant.com> — 2010-04-19T21:27:39Z
There is a command to set privileges GRANT SELECT ON ALL TABLES IN SCHEMA foo TO PUBLIC; and a command to set default privileges ALTER DEFAULT PRIVILEGES IN SCHEMA foo GRANT SELECT ON TABLES TO PUBLIC; In the first command the ALL is required, whereas in the second command the ALL must be absent. ISTM that the ALL should be optional in both cases. Same thing is true for FUNCTIONS and SEQUENCES. Both options are new in 9.0. Any objections to implementing this simple patch? -- Simon Riggs www.2ndQuadrant.com
-
Re: Privileges
Tom Lane <tgl@sss.pgh.pa.us> — 2010-04-19T23:26:26Z
Simon Riggs <simon@2ndQuadrant.com> writes: > There is a command to set privileges > GRANT SELECT ON ALL TABLES IN SCHEMA foo TO PUBLIC; > and a command to set default privileges > ALTER DEFAULT PRIVILEGES IN SCHEMA foo > GRANT SELECT ON TABLES TO PUBLIC; > In the first command the ALL is required, whereas in the second command > the ALL must be absent. > ISTM that the ALL should be optional in both cases. I don't believe this is a good idea. ALL in the second statement would give a completely misleading impression, because it does *not* grant privileges on all tables, in particular it doesn't affect existing tables. Conversely, leaving out ALL in the first statement would limit our flexibility to insert additional options there in future. (ALL is a fully reserved word, TABLES isn't, so your proposal greatly increases the odds of future syntactic conflicts.) regards, tom lane