I have implemented for myown use a user defined function that has the
following syntax:
F.GRANT_RIGHTS('comma_separated_list_of_rights',
'*|comma_separated_list_of_schemas', '*|comma_separated_list_of_users')
With this you can grant a set of rights to any number of schemas to any
number of users.
The implementation was 30-40 lines.
The problem is that when I do development I have to run my GRANT_RIGHTS
statement over and over again when I drop and recreate a table (with
some changes).
So the useful feature would be that giving rights to all objects in a
schema would mean all objects now and in the future.
If someone else starts creating new tables in the same db for some other
purpose then it would make sense that he would create a new schema for
that new purpose, no?
- Rami
On 10.4.2015 21:40, Fred&Dani&Pandora&Aquiles wrote:
Hi Noel,
I studied the behavior of proposed feature in other databases
(postgres, mysql, derby and hsqldb). However, only postgres and mysql
allowed me to execute the grant action in the whole schema. Well,
postgres has a similar behavior to the patch submitted and I think
that mysql acts like you expects. Please, can you confirm the expected
behavior with the attached test case?
My initial idea was to allow the permission grant for all tables of a
given schema more easily, as in postgres. Besides, I thought in a
situation where you have an schema initially loaded with some tables,
and this schema can be shared by different users. However, an user X
do not need, necessarily, to have access in all tables. So, you grants
the permissions to X in the schema, and later, another tables are
added to satisfy other applications and different users. Don't you
think this could lead to a security breach, once the permissions to
the user X will be 'automatically' granted. What you think about this?
Regards,
Fred
2015-04-09 8:06 GMT-03:00 Rami Ojares <[email protected]
<mailto:[email protected]>>:
Before I proceed with this, I need understand better your
expectations.
I understood Noel in the following fashion:
Let's say I have Table A in Schema X.
I grant update privileges to User U.
Someone creates table B in schema X.
User U tries to update table B but has no privileges.
I am confused because I explicitly told H2 that user U should have
update privileges for all objects in Schema X.
- Rami
--
You received this message because you are subscribed to the Google
Groups "H2 Database" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to [email protected]
<mailto:h2-database%[email protected]>.
To post to this group, send email to [email protected]
<mailto:[email protected]>.
Visit this group at http://groups.google.com/group/h2-database.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google
Groups "H2 Database" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected]
<mailto:[email protected]>.
To post to this group, send email to [email protected]
<mailto:[email protected]>.
Visit this group at http://groups.google.com/group/h2-database.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "H2
Database" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/h2-database.
For more options, visit https://groups.google.com/d/optout.
