On Thu, Jan 08, 2009 at 02:39:52PM +0200, Peter Eisentraut wrote: > David Fetter wrote: >> +1 for adding recursion to GRANT/REVOKE :) > > This area is under SQL standard control, so we can't really invent our > own behavior. > > Consider the following: > > CREATE TABLE persons (name, email); > CREATE TABLE employees (grade, salary) INHERITS (persons); > > GRANT SELECT ON persons TO allstaff; -- ??? > GRANT SELECT ON employees TO managers; > > What you want in practice is that allstaff can read only those columns > of employees that come from the persons table. Both recursive and > nonrecursive GRANT do the wrong thing here.
What *would* do the right thing here, or would anything? Cheers, David (not getting into the design decisions implicit in the above tables, which IMHO is not right) -- David Fetter <da...@fetter.org> http://fetter.org/ Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter Skype: davidfetter XMPP: david.fet...@gmail.com Remember to vote! Consider donating to Postgres: http://www.postgresql.org/about/donate -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
