On Sat, Oct 31, 2015 at 12:16:31AM +0100, Robert Haas wrote:
> On Thu, Oct 29, 2015 at 10:31 PM, David Fetter <david@fetter.org> wrote:
> > Had this been part of the original ALTER DEFAULT PRIVILEGES patch,
> > those privileges would simply have been applied. Since it wasn't, I'm
> > ass-u-me'ing that changing the default behavior to that is going to
> > cause (possibly legitimate) anxiety.
>
> The word "applied" is not very clear here. You want to revoke all
> existing privileges and then regrant whatever the default privileges
> would have been given the new owner? That might be a reasonable thing
> to have a command for, but doing it automatically on an owner change
> does not sound like a good idea. That could be very surprising
> behavior.
OK, so I think there are operationally useful use cases for
mix'n'match of the following:
- Clear all existing DEFAULT PRIVILEGES
- Preserve DEFAULT PRIVILEGES from the previous owner
- Apply DEFAULT PRIVILEGES for the new owner
Are there others? I suspect we could get some lift out of
CREATE ... OWNER ...
which would then Do The Right Thing™ with respect at least to initial
creation without having to be connected as that role.
Cheers,
David.
--
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david.fetter@gmail.com
Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
