Re: Schema security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 13 Dec 2007 14:55:53 +0900
Paul Lambert <paul.lambert@reynolds.com.au> wrote:
> > The analogy to think about is that usage privilege on a schema is
> > comparable to read access on a directory.  That doesn't necessarily
> > give you access to any single file in the directory --- but lack of
> > it does ensure you cannot get to those files.
> > 
> >             regards, tom lane

> Point taken and yes, I would agree that default behavior should be to 
> not give priviledges to anything other than the explicitly defined 
> object - but would it not be a good idea to provide some sort of 
> cascade/recurse option to granting/revoking privileges so that doing
> so on a container object results in the priviledges being propogated
> down the line for the cases where such is desired?

Yes and it has been oft requested. However :), nobody has coded a patch
or submitted a proposal on how it would be done in a maintainable
manner.

> 
> Taking your example of file permissions - although it is not default 
> behavior, it is possible to recursively apply a priviledge change to
> a directory onto files/subdirectories within it. Certainly it can be
> done on OpenVMS and Windows that I work with primarily and I'm 99%
> sure it can be done on *ix systems too.

Yes *ix can do it to.

Sincerely,

Joshua D. Drake 


- -- 
The PostgreSQL Company: Since 1997, http://www.commandprompt.com/ 
Sales/Support: +1.503.667.4564   24x7/Emergency: +1.800.492.2240
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
SELECT 'Training', 'Consulting' FROM vendor WHERE name = 'CMD'


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHYX60ATb/zqfZUUQRAkK1AKCY8i5bHTUChaUp2LcovnSdgrwq+wCdHlCW
TdBpE7HUUVyr2OmzSnNQUKw=
=Ci4R
-----END PGP SIGNATURE-----