David Fetter wrote:
+1 for adding recursion to GRANT/REVOKE :)
This area is under SQL standard control, so we can't really invent our
own behavior.
Consider the following:
CREATE TABLE persons (name, email);
CREATE TABLE employees (grade, salary) INHERITS (persons);
GRANT SELECT ON persons TO allstaff; -- ???
GRANT SELECT ON employees TO managers;
What you want in practice is that allstaff can read only those columns
of employees that come from the persons table. Both recursive and
nonrecursive GRANT do the wrong thing here.
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
