[PATCH] ALTER DEFAULT PRIVILEGES with GRANT/REVOKE ON SCHEMAS
| От | Matheus de Oliveira |
|---|---|
| Тема | [PATCH] ALTER DEFAULT PRIVILEGES with GRANT/REVOKE ON SCHEMAS |
| Дата | |
| Msg-id | CAJghg4KYbiH=kZL4Va4P0RPSYxXBUo0N4EaaUR4_qaPn5G3t=A@mail.gmail.com обсуждение исходный текст |
| Ответы |
Re: [PATCH] ALTER DEFAULT PRIVILEGES with GRANT/REVOKE ON
SCHEMAS
Re: [PATCH] ALTER DEFAULT PRIVILEGES with GRANT/REVOKE ON SCHEMAS Re: [HACKERS] [PATCH] ALTER DEFAULT PRIVILEGES with GRANT/REVOKE ON SCHEMAS |
| Список | pgsql-hackers |
Hi all,
I noticed that we have no option to set default privileges for newly created schemas, other than calling GRANT explicitly. At work I use ALTER DEFAULT PRIVILEGE (ADP) command extensively, as the developers are permitted to manage DDL on the databases, and all work fine except for when a new schema is created. So,I'd like to propose this very simple patch (attached) that adds the capability of using SCHEMAS, adding the following syntax to ADP:
ALTER DEFAULT PRIVILEGES
[ FOR { ROLE | USER } target_role [, ...] ]
abbreviated_grant_or_revoke
where abbreviated_grant_or_revoke is one of:
GRANT { USAGE | CREATE | ALL [ PRIVILEGES ] }
ON SCHEMAS
TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]
REVOKE [ GRANT OPTION FOR ]
{ USAGE | CREATE | ALL [ PRIVILEGES ] }
ON SCHEMAS
FROM { [ GROUP ] role_name | PUBLIC } [, ...]
[ CASCADE | RESTRICT ]
ALTER DEFAULT PRIVILEGES
[ FOR { ROLE | USER } target_role [, ...] ]
abbreviated_grant_or_revoke
where abbreviated_grant_or_revoke is one of:
GRANT { USAGE | CREATE | ALL [ PRIVILEGES ] }
ON SCHEMAS
TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]
REVOKE [ GRANT OPTION FOR ]
{ USAGE | CREATE | ALL [ PRIVILEGES ] }
ON SCHEMAS
FROM { [ GROUP ] role_name | PUBLIC } [, ...]
[ CASCADE | RESTRICT ]
The patch itself is really straight forward (I'm new to sending patches, so I've chosen a simple one), and there is only one thing that concerns me (as in, if I did it right/good). The difference in syntax for SCHEMAS and the other objects is that IN SCHEMA option makes no sense here (as we don't have nested schemas), and to solve that I simple added the error "cannot use IN SCHEMA clause when using GRANT/REVOKE ON SCHEMAS".
Does that look good to you?
Also, should I add translations for that error message in other languages (I can do that without help of tools for pt_BR) or is that a latter process in the releasing?
Does that look good to you?
Also, should I add translations for that error message in other languages (I can do that without help of tools for pt_BR) or is that a latter process in the releasing?
Other than that, I added a few regression tests (similar to others used for ADP), and patched the documentation (my English is not that good, so I'm open to suggestions). Anything else I forgot?
Best regards,
--
Matheus de Oliveira
Вложения
В списке pgsql-hackers по дате отправления: