Re: public schema default ACL - Mailing list pgsql-hackers

From Alvaro Herrera
Subject Re: public schema default ACL
Date
Msg-id 20180307143610.u6jb4tlzx2n64x22@alvherre.pgsql
Whole thread Raw
In response to Re: public schema default ACL  (Stephen Frost <sfrost@snowman.net>)
Responses Re: public schema default ACL
Re: public schema default ACL
List pgsql-hackers
Stephen Frost wrote:

> * Noah Misch (noah@leadboat.com) wrote:

> > I like the idea of getting more SQL-compatible, if this presents a distinct
> > opportunity to do so.  I do think it would be too weird to create the schema
> > in one database only.  Creating it on demand might work.  What would be the
> > procedure, if any, for database owners who want to deny object creation in
> > their databases?
> 
> My suggestion was that this would be a role attribute.  If an
> administrator doesn't wish for that role to have a schema created
> on-demand at login time, they would set the 'SCHEMA_CREATE' (or whatever
> we name it) role attribute to false.

Is a single attribute enough?  I think we need two: one would authorize
to create the schema $user to the user themselves (maybe
SELF_SCHEMA_CREATE); another would automatically do so when connecting
to a database that does not have it (perhaps AUTO_CREATE_SCHEMA).

Now, maybe the idea of creating it as soon as a connection is
established is not great.  What about creating it only when the first
object creation is attempted and there is no other schema to create in?
This avoid pointless proliferation of empty user schemas, as well as
avoid the overhead of checking existence of schem $user on each
connection.

-- 
Álvaro Herrera                https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services


pgsql-hackers by date:

Previous
From: David Steele
Date:
Subject: Re: Re: WIP Patch: Precalculate stable functions, infrastructure v1
Next
From: Jeevan Chalke
Date:
Subject: Re: [HACKERS] Partition-wise aggregation/grouping