> Since you changed ACL_WORLD_DEFAULT to ACL_NO too, there are
> now problems on \d <table> (pg_attribute: Permission denied).
> And thus I expect more problems. I think users should have
> SELECT permission on non-critical system catalogs by default.
>
> But I don't think that setting explicit GRANT's on all the
> system catalogs is a good thing. Due to the ACL parsing I
> would expect some loss of performance.
>
> So if the relname is given to acldefault() in
> utils/adt/acl.c, it can do a IsSystemRelationName() on it and
> return ACL_RD instead of ACL_WORLD_DEFAULT.
Nice solution.
--
Bruce Momjian | 830 Blythe Avenue
maillist@candle.pha.pa.us | Drexel Hill, Pennsylvania 19026
+ If your life is a hard drive, | (610) 353-9879(w)
+ Christ can be your backup. | (610) 853-3000(h)