> Ok, good. This is what people was aiming for initially, I hope. What
> do people think, particularly those who wanted to manage pg_hba.conf via
> SQL commands?
I guess for this one more people have to play with the new
functionality.
> Without looking at the surrounding code, I'm a bit wary of the fact that
> in ReverifyMyDatabase, pg_database_aclcheck is called with GetUserId()
> but the error message is emitted with the user_name that was passed as
> parameter instead. The inconsistency could prove painful in the future;
> maybe it's OK, but if it is, you should declare it in the surrounding
> comments.
I have added proper comment for that.
-------------------------------------
I guess the next step is to check for the last ACL_CONNECT privilege as
discussed below.
> At this moment the owner of the database CAN REVOKE himself form the
> ACL_OBJECT_DATABASE. If the implementation above is acceptable then I
> can work on this one :)
Hmm, what do you want to do about it? ISTM the owner should be able to
revoke the privilege from himself ... (Maybe we could raise a WARNING
whenever anyone revokes the last CONNECT privilege to a database, so
that he can GRANT it to somebody before disconnecting.)
