Alvaro Herrera wrote:
If I am reading the (7.4) docs correctly, privileges can be granted
only with respect to tables that exist at the time the GRANT command
is given
Yes.
In fact, I have to individually grant access to each table, and any
associated sequences, yes? How dangerous is it to UPDATE pg_class
directly, perhaps copying the relacl column for a table that I've
done by hand with GRANT. I'm thinking something like this:
=> grant all on annotations to public;
=> update pg_class set relacl = (select relacl from pg_class where
relname = 'annotations')
where relnamespace = (select oid from pg_namespace where nspname =
'public');
This will "grant" access to indexes and other stuff that may be
unnecessary, but is this a sound approach? (By the way, are there in
fact any other kinds of objects that I may need to allow access to,
other than tables and sequences?)
Another solution to my access control issues is to change the owner
of the tables and sequences. Can I safely do this with an UPDATE on
pg_class?
Thanks, and sorry if these are dumb questions, but I haven't been
able to glean the answers directly from the docs.
- John Burger
MITRE
