Folks,
I've run into a problem recently, and I can't be the first to have
done so, and it's this.
We have a pretty sophisticated capability via ALTER DEFAULT
PRIVILEGES. When the creating role creates something in a schema so
altered, all kinds of nice recursive granting happens. That's well
and good.
BUT
When we change an object's owner, we have no practical access to those
default privileges, even when we want them applied.
If this were a green field project, I would advocate that the things
ALTER DEFAULT PRIVILEGES does should be applied by default on change
of ownership. I would still argue that this behavior should become
the default, but I would expect to lose that argument.
Since it's not a green field project, I would like to propose the
following addition to the ALTER ... OWNER TO ... construct:
ALTER ... OWNER TO ... [{NEW | OLD} DEFAULT PRIVILEGES]
What say?
Cheers,
David.
--
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david.fetter@gmail.com
Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate