Re: Controlling access to Sequences

Hi Tom,

Thanks for the response.

On Saturday, February 1, 2003, at 03:09  PM, Tom Lane wrote:

> Matthew Horoschun <mhoroschun@canprint.com.au> writes:
>> My understanding is that I need to GRANT the UPDATE privilege on the
>> SEQUENCE if I want a user to be able to to use nextval() on it. The
>> trouble is, if they can do a nextval() they can also do a setval()
>
> So?  With enough time on your hands, you can apply nextval() often
> enough to get from any point A to any point B.  It seems illusory
> to think that forbidding setval() makes things more secure.


Absolutely, You're right. nextval() is just as troublesome.

I don't want to arbitrarily restrict access to setval(). I just want a 
safer way of handling automatic allocation of primary keys on certain 
tables.

Should I just avoid SEQUENCES altogether and use the OIDs under normal 
circumstances and the MAX( id ) + 1 style thing when I need a 
human-usable number?

Matthew.