Re: Sequence privileges

Joe Conway <mail@joeconway.com> writes:
> Tom Lane wrote:
>> what we really have is:
>> 
>> SELECT: read sequence as a table
>> UPDATE: all sequence-specific operations.

> Since the sequence-specific operations are really just function calls, 
> maybe it should be:
>     SELECT:  read sequence as a table
>     EXECUTE: all sequence-specific operations.

But is it worth creating a compatibility problem for?  Existing pg_dump
scripts are likely to GRANT UPDATE.  They certainly won't say GRANT
EXECUTE since that doesn't even exist in current releases.

I agree that EXECUTE (or some sequence-specific permission name we might
think of instead) would be logically cleaner, but I don't think it's
worth the trouble of coming up with a compatibility workaround.  UPDATE
doesn't seem unreasonably far off the mark.
        regards, tom lane