What might be nice is a deductive syntax, so you can GRANT ALL and then
remove privileges for certain objects:
GRANT ALL ON DATABASE foo TO user EXCEPT...
> It is perhaps interesting to do something like
> GRANT SELECT ON TABLE foo.* TO user;
> but I'm not sure this is so useful as to be worth enshrining in the
> syntax. You could also argue that it's a potential security hole since
> it'd be mighty easy to grant rights you didn't intend to on objects you
> didn't realize would match the wildcard. (And that'd be true in spades
> if the effect of the command were to automatically grant the same rights
> on matching objects created in the future, which is what I think some of
> the people asking for this sort of thing wanted. But I'm outright
> scared of that idea.)
--
Randall Perry
sysTame
Xserve Web Hosting/Co-location
Website Design/Development
WebObjects Hosting
Mac Consulting/Sales
http://www.systame.com/
---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
