Re: [HACKERS] Inconsistent syntax in GRANT

Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Tom Lane wrote:
>> Just ignore the inapplicable permissions during pg_dump.  I think you're
>> making this harder than it needs to be...

> I don't think we should allow GRANT DELETE ON seq in 8.2 for invalid
> permission.

That's fine, but pg_dump has to continue to work against old servers,
so it's going to have to be coded to ignore inapplicable permissions
anyway.  Contorting the server-side code to avoid that is pointless.

> Ignoring your insult, the code is structured this way:

>     check all permission bits
>     call object-type-specific routine
>         loop over each object and set permission bits

> so, to fix this, I would need to move the permission bit checks into
> object-type-specific routines so that I could check the permission bits
> for each object, rather than once in a single place.

You'd have to allow the union of relation and sequence rights during the
conversion to bitmask form in ExecuteGrantStmt, and then check more
closely inside the per-object loop in ExecGrant_Relation, but that
doesn't seem like a showstopper to me.  It certainly seems more pleasant
than exposing bizarre restrictions to users because we're sharing code
between the cases.

            regards, tom lane