On Tue, Mar 25, 2008 at 05:37:00PM -0400, Malinka Rellikwodahs wrote:
> On Tue, Mar 25, 2008 at 2:54 PM, Joshua D. Drake wrote:
> > On Tue, 25 Mar 2008 13:37:37 -0500 Jon Roberts wrote:
> > > It would be a nice enhancement to have a "select any table" privilege
> > > or at least "grant insert/update/delete/select on <schema_name>".
> >
> > Certainly, but it is also a foot gun.
>
> I'm just curious how would having the ability to grant privileges to a
> schema be a foot gun?

In ACL (Access Control List) systems this sort of "privilege" isn't very natural. The closest thing I can imagine is by having a "default" set of permissions that the user has control over, rather than currently where the set of default permissions is fixed by PG to only include unrestricted access by the owner.

Another solution, and probably the footgun that Joshua was referring to, would be to have some code that is automatically run when a new object is created that grants read-only access. I don't think PG provides a way to do this at the moment though.

Other security models allow this case to be more directly expressed. My current favourite is capability based security, it allows you to directly say that "auditors" have transitively read-only access to specific things (i.e. the entire database).

  Sam
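For readers on later PostgreSQL releases (9.0 and newer), the schema-wide grant and the user-controlled default permissions discussed in this thread can be written as below. This is an added example, not part of the original message; the role names `app_owner` and `auditors`, the schema `app` and the table names are hypothetical, and it assumes a superuser session in a scratch database.

```sql
-- Added example: hypothetical roles, schema and tables; everything is rolled back.
BEGIN;

CREATE ROLE app_owner NOLOGIN;
CREATE ROLE auditors  NOLOGIN;
CREATE SCHEMA app AUTHORIZATION app_owner;
CREATE TABLE app.existing_table (id int);

-- Schema-wide read access for objects that already exist.
GRANT USAGE ON SCHEMA app TO auditors;
GRANT SELECT ON ALL TABLES IN SCHEMA app TO auditors;

-- User-controlled defaults for objects created later.
-- Caveat: this covers only tables created by app_owner. Tables created
-- in the schema by any other role get none of these grants.
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA app
    GRANT SELECT ON TABLES TO auditors;

-- A table created after the defaults were set.
SET ROLE app_owner;
CREATE TABLE app.new_table (id int);
RESET ROLE;

-- Check: auditors should hold SELECT and nothing that writes.
SELECT t.name,
       has_table_privilege('auditors', t.name, 'SELECT') AS can_select,
       has_table_privilege('auditors', t.name, 'INSERT') AS can_insert,
       has_table_privilege('auditors', t.name, 'UPDATE') AS can_update,
       has_table_privilege('auditors', t.name, 'DELETE') AS can_delete
FROM (VALUES ('app.existing_table'), ('app.new_table')) AS t(name);

-- Review which default ACLs are in force (also shown by \ddp in psql).
SELECT defaclrole::regrole      AS creating_role,
       defaclnamespace::regnamespace AS schema,
       defaclobjtype            AS object_type,
       defaclacl                AS default_acl
FROM pg_default_acl;

ROLLBACK;
```

Auditing `pg_default_acl` periodically is worthwhile, because a broad default grant keeps applying silently to every new table the named role creates.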