| From: | Oliver Elphick <olly(at)lfix(dot)co(dot)uk> |
|---|---|
| To: | Joe Conway <mail(at)joeconway(dot)com> |
| Cc: | pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: Schema (namespace) privilege details |
| Date: | 2002-04-19 01:49:12 |
| Message-ID: | 1019180956.32076.389.camel@linda |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, 2002-04-19 at 02:24, Joe Conway wrote:
> I like this general idea and syntax. But it seems awkward to have to
> have the privilege granted twice. What about:
>
> GRANT CREATE SCHEMA [IN { database | ALL }] TO user | PUBLIC
> REVOKE CREATE SCHEMA [IN { database | ALL }] FROM user | PUBLIC
I would naturally interpret granting permission IN ALL to mean that the
user would certainly be allowed permission in all databases, whereas it
ought to be clear that the permission given is only hypothetical and
subject to permission's being granted for a specific database.
> where lack of the IN clause implies the current database, and ALL
> implies a system-wide grant/revoke. System-wide could only be issued by
> a superuser, while a specific database command could be issued by the DB
> owner or a superuser.
--
Oliver Elphick Oliver(dot)Elphick(at)lfix(dot)co(dot)uk
Isle of Wight http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
"For I am persuaded, that neither death, nor life, nor
angels, nor principalities, nor powers, nor things
present, nor things to come, nor height, nor depth,
nor any other creature, shall be able to separate us
from the love of God, which is in Christ Jesus our
Lord." Romans 8:38,39
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Rod Taylor | 2002-04-19 02:02:23 | Re: Schema (namespace) privilege details |
| Previous Message | Joe Conway | 2002-04-19 01:24:18 | Re: Schema (namespace) privilege details |