What might be nice is a deductive syntax, so you can GRANT ALL and then remove privileges for certain objects:
GRANT ALL ON DATABASE foo TO user EXCEPT... > It is perhaps interesting to do something like > GRANT SELECT ON TABLE foo.* TO user; > but I'm not sure this is so useful as to be worth enshrining in the > syntax. You could also argue that it's a potential security hole since > it'd be mighty easy to grant rights you didn't intend to on objects you > didn't realize would match the wildcard. (And that'd be true in spades > if the effect of the command were to automatically grant the same rights > on matching objects created in the future, which is what I think some of > the people asking for this sort of thing wanted. But I'm outright > scared of that idea.) -- Randall Perry sysTame Xserve Web Hosting/Co-location Website Design/Development WebObjects Hosting Mac Consulting/Sales http://www.systame.com/ ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]