Noah Misch <noah@leadboat.com> writes:
> The particular restriction at hand, namely that a role have CREATE rights on a
> schema before assigning role-specific default privileges, seems like needless
> paternalism. It would be akin to forbidding ALTER ROLE ... PASSWORD on a
> NOLOGIN role. I'd support removing it when such a proposal arrives.
Hm. I defended that restriction earlier, but it now occurs to me to
wonder if it doesn't create a dump/reload sequencing hazard. I don't
recall that pg_dump is aware of any particular constraints on the order
in which it dumps privilege-grant commands. If it gets this right,
that's mostly luck, I suspect.
> If
> anything, require that the user executing the ALTER DEFAULT PRIVILEGES, not
> the subject of the command, has CREATE rights on the schema.
That would be just as dangerous from this angle.
regards, tom lane