Re: Foreign table permissions and cloning

On mån, 2011-04-25 at 13:35 -0400, Robert Haas wrote:
> Hmm, it appears we had some pre-existing inconsistency here, because
> ALL TABLES IN <schema> currently includes views.

Which makes sense because you use GRANT ... ON TABLE to grant privileges
to views.

> That's weird, but
> it'll be even more weird if we adopt the approach suggested by this
> patch, which creates ALL FOREIGN TABLES IN <schema> but allows ALL
> TABLES IN <schema> to go on including views.  Maybe there is an
> argument for having ALL {TABLES|VIEWS|FOREIGN TABLES} IN <schema> - or
> maybe there isn't - but having two out of the three of them doesn't do
> anything for me.  For now I think we should go with the path of least
> resistance and just document that ALL TABLES IN <schema> now includes
> not only views but also foreign tables.

Yes.

> Putting that together with the comments already made upthread, the
> only behavior changes I think we should make here are:
> 
> - Add GRANT privilege [(column_list)] ON FOREIGN TABLE table TO role.
> - Require that the argument to GRANT privilege [(column_list)] ON
> TABLE TO role be an ordinary table, not a foreign table.

But that would be contrary to the SQL standard.  The current behavior is
fine, AFAICT.