Re: grant with hierarchy option
From | Tom Lane |
---|---|
Subject | Re: grant with hierarchy option |
Date | |
Msg-id | 1378.1256878188@sss.pgh.pa.us |
In response to | grant with hierarchy option (Peter Eisentraut <peter_e@gmx.net>) |
Responses | Re: grant with hierarchy option |
List | pgsql-hackers |

Peter Eisentraut <peter_e@gmx.net> writes:

> There is a gap in the permission scheme for inheritance setups. Say you
> have this:
>
> CREATE TABLE persons (...);
> CREATE TABLE employees (...) INHERITS (persons);
> GRANT SELECT ON persons TO foo;
>
> Then user foo can extract who the employees are using
>
> SELECT * FROM persons EXCEPT SELECT * FROM ONLY persons;

And this is a problem why exactly? It's entirely likely that employee-ness can be determined just from what is visible in the persons view, anyway. Not to mention tableoid.

> I think this would be the proper and useful thing to do, especially in
> conjunction with the new recursive grant behavior. There would probably
> be some upgrading issues. For example, GRANTs imported via pg_dump from
> 8.4 would probably need to change SELECT to SELECT WITH HIERARCHY
> OPTION, and even that technically wouldn't cover all cases.

That sounds like "this will break everything in sight, especially pre-existing dump files" :-(

regards, tom lane
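
Added example, not part of the original message: the setup from the quoted post, filled in with constructed columns and rows, to let someone reviewing grants on an inheritance tree see what `SELECT` on the parent exposes. It assumes a PostgreSQL release (9.0 or later) where access through the parent checks only the parent's privileges, and a session allowed to create the role `foo` and `SET ROLE` to it.

```sql
-- Constructed schema and data: column names and rows are assumptions,
-- the original post only shows "(...)".
CREATE TABLE persons (id int, name text);
CREATE TABLE employees (salary numeric) INHERITS (persons);

INSERT INTO persons   (id, name)         VALUES (1, 'alice');
INSERT INTO employees (id, name, salary) VALUES (2, 'bob', 50000);

-- Role name taken from the post; the only grant is on the parent table.
CREATE ROLE foo;
GRANT SELECT ON persons TO foo;

SET ROLE foo;

-- The query from the quoted post: rows visible through the parent
-- minus rows stored in the parent itself, i.e. rows held in child tables.
SELECT * FROM persons
EXCEPT
SELECT * FROM ONLY persons;

-- The point made in the reply: the tableoid system column already names
-- the table each row is stored in, with no set difference required.
SELECT tableoid::regclass AS source_table, id, name
FROM persons
ORDER BY id;

-- Child-only columns such as salary are not part of the parent's row type,
-- so they do not appear in either result above.

RESET ROLE;

-- Review aid: list every child of the parent, since each one contributes
-- rows to queries that foo is allowed to run against persons.
SELECT inhrelid::regclass AS child_table
FROM pg_inherits
WHERE inhparent = 'persons'::regclass;
```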