> The solution I had in mind was for ALTER OWNER to run through the ACL
> and replace the old owner ID with the new one wherever the old one
> appears, in both grantor and grantee positions. So in your example
> {chriskl=arwdRxt/chriskl,other=r/chriskl}
> becomes
> {gumby=arwdRxt/gumby,other=r/gumby}
>
> You could skip doing this when the ACL is null of course, since the
> default assumption about its contents will change in just the same way.
What about fixing existing bad acls? I can't figure out a grant or
revoke statement to do it? Do I have to update to set the relacl to
null and then re-run the fixed set of grants?
Chris
