Re: GRANT ON ALL IN schema
| От | Robert Haas |
|---|---|
| Тема | Re: GRANT ON ALL IN schema |
| Дата | |
| Msg-id | 603c8f070908051251j5672e2dg67a46c5ab43f67f3@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: GRANT ON ALL IN schema (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On Wed, Aug 5, 2009 at 3:40 PM, Tom Lane<tgl@sss.pgh.pa.us> wrote: > Robert Haas <robertmhaas@gmail.com> writes: >> I have one database that is set up with a reporting user (read only on >> everything). It requires constant maintenance. Every time an object >> is added or deleted (or dropped and recreated, like a view, which I do >> ALL THE TIME to work around the inability to add/remove columns) the >> permissions get shot to hell. I finally crontabbed a script that >> fixes it every 20 minutes. I had another database where I tried to do >> some real permission separation and it was just a huge pain in the >> ass. > >> Grant on all isn't gonna fix these problems completely, but it's a >> start. The DefaultACL stuff is another important step in the right >> direction. > > Seems like default ACLs, not grant-on-all, is what you want for that. Well, that helps with the maintenance, but you also have to set it up initially. There were already 100+ objects in the schema at the time the reporting user was created. ...Robert
В списке pgsql-hackers по дате отправления: