On Wed, Jan 7, 2009 at 11:39 PM, Craig Ringer <craig@xxxxxxxxxxxxxxxxxxxxx> wrote: > Scott Marlowe wrote: > >>>> Is there a way to let PostgreSQL to allow inherited tables to be owned >>>> by different roles? >>> >>> Not that I know of, and given the security implications I'd be a bit >>> nervous >>> about it unless it was done via an explicitly GRANTed right. >> >> I hope here you're meaning to have tables that are inheritable by >> various non-role members. It works as long as everyone's in the same >> group role with the right permissions. Since you'd have to change >> ownership to the group role for the parent table, everyone would, in >> effect, own it now. But if you wanna do it... > > That's right - I refer to inheritance by a user that's not a member of the > role that owns the table. > > If the inheriting users *are* a member of the owning role of the parent > table, then they can select and update the shared-structure part of OTHER > users' records via the parent table, as well as their own. IIRC they can > delete other users records via the parent table, too. Not ideal if the > various users are supposed to be blind to each others' data, as appears to > be the case here. Also alter table gets locked by the child tables. If stan, a member of sharing, tries to change the inherited table top, which user ted has inherited, he gets an error saying he has to have alter perms on ted's table. -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
