Re: Sequence privileges

On Sat, 18 May 2002 19:45:30 -0400
"Tom Lane" <tgl@sss.pgh.pa.us> wrote:
> Joe Conway <mail@joeconway.com> writes:
> > Since the sequence-specific operations are really just function calls, 
> > maybe it should be:
> >     SELECT:  read sequence as a table
> >     EXECUTE: all sequence-specific operations.
> 
> But is it worth creating a compatibility problem for?  Existing pg_dump
> scripts are likely to GRANT UPDATE.  They certainly won't say GRANT
> EXECUTE since that doesn't even exist in current releases.
> 
> I agree that EXECUTE (or some sequence-specific permission name we might
> think of instead) would be logically cleaner, but I don't think it's
> worth the trouble of coming up with a compatibility workaround.

Well, one possible compatibility workaround would be trivial -- we could
hack GRANT so that doing GRANT UPDATE on sequence relations is
translated into GRANT EXECUTE.

As for whether it's worth the bother, I'm not sure -- neither
solution strikes me as particularly clean.

Cheers,

Neil

-- 
Neil Conway <neilconway@rogers.com>
PGP Key ID: DB3C29FC