Peter Eisentraut <peter_e@gmx.net> writes:
> Tom Lane wrote:
>> I think the printout format is fine and the silent non-removal of
>> grant options was a bad idea, particularly since it doesn't seem to
>> be saving any code (GRANT/REVOKE check ownerness anyway). I propose
>> that we take out the special cases in merge_acl_with_grant that
>> prohibit revoking an owner's grant options, and instead adjust the
>> grant statement code to act as if those options are always present.
> Sounds good.
If you like that, I have a further suggestion, which is to not include
the owner's grant options in the default ACL, either. This would not
affect the behavior given the above changes; what it would do is reduce
clutter in the ACL display. Right now, if user miriam does
create table mytable(f int);
grant select on mytable to public;
\z mytable
she'll see
Schema | Name | Type | Access privileges
--------+---------+-------+------------------------------------------public | mytable | table |
{miriam=a*r*w*d*R*x*t*/miriam,=r/miriam}
Changing the default ACL would take this down to
public | mytable | table | {miriam=arwdRxt/miriam,=r/miriam}
which seems usefully more readable to me. Comments?
regards, tom lane