Re: Anticipatory privileges

Alvaro Herrera wrote:

>> If I am reading the (7.4) docs correctly, privileges can be granted
>> only with respect to tables that exist at the time the GRANT command
>> is given

> Yes.

In fact, I have to individually grant access to each table, and any
associated sequences, yes?  How dangerous is it to UPDATE pg_class
directly, perhaps copying the relacl column for a table that I've
done by hand with GRANT.  I'm thinking something like this:

=> grant all on annotations to public;
=> update pg_class set relacl = (select relacl from pg_class where
relname = 'annotations')
    where relnamespace = (select oid from pg_namespace where nspname =
'public');

This will "grant" access to indexes and other stuff that may be
unnecessary, but is this a sound approach?  (By the way, are there in
fact any other kinds of objects that I may need to allow access to,
other than tables and sequences?)

Another solution to my access control issues is to change the owner
of the tables and sequences.  Can I safely do this with an UPDATE on
pg_class?

Thanks, and sorry if these are dumb questions, but I haven't been
able to glean the answers directly from the docs.

- John Burger
   MITRE