On mån, 2011-11-07 at 12:21 -0500, Robert Haas wrote:
> > As I'm plotting to write code for this, I wonder about how to handle
> > default privileges. For compatibility and convenience, we would
> still
> > want to have types with public privileges by default. Should we
> > continue to hardcode this, as we have done in the past with
> functions,
> > for example, or should we use the new default privileges facility to
> > register the public default privileges in the template database?
>
> I think it would make sense to follow the model of default privileges,
> but I'm a bit confused by the rest of this, because pg_default_acl is
> normally empty - you only make an entry there when a schema has
> different defaults than the, uh, default defaults. So you shouldn't
> need to "register" anything, I wouldn't think.
Let me put this differently. Should we either continue to hardcode the
default privileges in the acldefault() function, or should we instead
initialize the system catalogs with an entry in pg_default_acl as though
ALTER DEFAULT PRIVILEGES GRANT USAGE ON TYPES TO PUBLIC; had been
executed?