Re: Directory/File Access Permissions for COPY and Generic File Access Functions

Alvaro,

I think it would make more sense if the file-accessing command specified
> the DIRALIAS (or DIRECTORY, whatever we end up calling this) and a
> pathname relative to the base one. Something like
>
> postgres=# CREATE DIRECTORY logdir ALIAS FOR '/pgsql/data/pg_log';

Following this, what do you think about simply expanding DIRALIAS out into
to DIRECTORY ALIAS? So instead:

CREATE DIRECTORY ALIAS <name> AS '<path>'

or...

CREATE DIRECTORY ALIAS <name> FOR '<path>'

My thought on this is towards the natural word order of the command. Also,
I think having it as CREATE DIRECTORY ALIAS minimizes confusion, as I think
Stephen mentioned, that we are creating an alias, not an actual directory.
Thoughts?

postgres=# GRANT READ ON DIRECTORY logdir TO logscanner;
>

I personally like this form the most, however, I think the greatest hurdle
with it is that it would require making READ (and WRITE) reserved
keywords. Obviously, I think that is a non-starter.

> logscanner=> COPY logtable FROM 'postgresql-2014-10-28.csv' IN DIRECTORY
> logdir;
>

That's an interesting thought. Would 'IN DIRECTORY' be restricted to just
the alias name? I'm not sure it would make sense to allow a directory path
there, as what would be the point? At any rate, just food for thought.

The ALTER ROLE GRANT READ idea proposed downthread is nice also,

Agreed and probably the most logical option at this point?

but one
> advantage of this is not having absolute path names in the COPY command.

Pardon my ignorance, but can you help me understand the advantage of not
having absolute path names in the COPY command?

-Adam

--
Adam Brightwell - adam(dot)brightwell(at)crunchydatasolutions(dot)com
Database Engineer - www.crunchydatasolutions.com