restrict column-level GRANTs to a single relation?

Started by kevin brintnallalmost 20 years ago3 messages

kevin brintnall

kbrint@rufus.net

almost 20 years ago

Fellow hackers,

I'm curious about the best way to handle something like this:

GRANT SELECT (col1, col2, col3) ON table1, table2 TO grantee;

Is it reasonable to restrict this to a single relation, and throw an error
if multiple relations are specified? That would require the preceding
grant to be specified as:

GRANT SELECT (col1, col2, col3) ON table1 TO grantee;
GRANT SELECT (col1, col2, col3) ON table2 TO grantee;

The SQL standards don't seem to mandate the first form (unless I
misread?).. Do y'all think this is a reasonable compromise?

--
kevin brintnall =~ <kbrint@rufus.net>

Peter Eisentraut

peter_e@gmx.net

almost 20 years ago

In reply to: kevin brintnall (#1)

Re: restrict column-level GRANTs to a single relation?

Am Donnerstag, 19. Januar 2006 09:50 schrieb kevin brintnall:

GRANT SELECT (col1, col2, col3) ON table1, table2 TO grantee;

Is it reasonable to restrict this to a single relation, and throw an error
if multiple relations are specified?

Yes

--
Peter Eisentraut
http://developer.postgresql.org/~petere/

tgl@sss.pgh.pa.us

almost 20 years ago

In reply to: kevin brintnall (#1)

Re: restrict column-level GRANTs to a single relation?

kevin brintnall <kbrint@rufus.net> writes:

GRANT SELECT (col1, col2, col3) ON table1, table2 TO grantee;

Is it reasonable to restrict this to a single relation, and throw an error
if multiple relations are specified?

The SQL spec doesn't actually allow multiple things after GRANT ... ON
--- that's a PG extension.  So you could make the restriction and not
violate the spec.  OTOH it seems unlikely that this would save much.

regards, tom lane