Re: Latest requests from IRC

Added to TODO:
* Allow GRANT/REVOKE permissions to be given to all schema  objects with one command


---------------------------------------------------------------------------

Tom Lane wrote:
> Bruno Wolff III <bruno@wolff.to> writes:
> >   Christopher Kings-Lynne <chriskl@familyhealth.com.au> wrote:
> >> ... people want to be able to grant on all objects in a 
> >> database, etc:
> 
> > The right way to do this is to make sure there is a group that has access
> > to "everything" and just add people to the group.
> 
> Doesn't seem like that magically solves the problem, though.  You still
> have lots of pain involved in granting privs on everything to that
> group.
> 
> I don't have any fundamental problem with something like "GRANT SELECT
> ON TABLE * TO foo", seeing as how we already allow grants on multiple
> tables.  But we'd have to be very careful about how the scope of the *
> wildcard is defined.  For instance, if a superuser does it, does it
> really grant privs on *all* tables?  I'd hope that the system catalogs,
> at least, are not implicitly included in the wildcard scope.  For lesser
> mortals there is also the question of whether to error out or just
> ignore tables that you don't have privileges for.
> 
> Would it make sense to restrict the wildcard to a particular schema, viz
>     GRANT SELECT ON TABLE myschema.* TO foo
> This would neatly solve the question of how to exclude the system
> catalogs, and in most scenarios where people are wishing for this,
> I bet they've put all the objects in one schema anyway.
> 
>             regards, tom lane
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
> 

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073