David Fetter <david@fetter.org> writes:
> There are situations where a "default deny" policy is the best fit.
> To that end, I have a modest proposal:
> REVOKE PUBLIC FROM role;
Neither possible nor sensible. PUBLIC means everybody, and is
implemented in a way that doesn't allow any other meaning.
We pretty much have "default deny" at the other end anyway, in that most
types of objects start out without any permissions granted to PUBLIC.
So I don't think you've made an adequate (or indeed any) case for
needing this, even if it were redesigned into something less screwy.
regards, tom lane
