Tom,
>> I thought the idea was to simply avoid that situation. Maybe we want to
>> forget about global defaults if that's the case, and just do the ROLE
>> defaults.
>
> That seems like a pretty dead-end design.
Well, the whole purpose for DefaultACLs is to simplify administration
for the simplest use cases. If we add a large host of conflicting
options, we haven't simplified stuff very much.
> I already mentioned one case that there's longstanding demand for, which
> is to instantiate the correct permissions on new partition child tables.
Wouldn't that be handled by inheritance?
> But more generally, this is a fairly large and complicated patch in
> comparison to the reward, if the intention is that it will never support
> anything more than the one case of "IN SCHEMA foo" filtering.
I thought we were doing ROLEs?
--
Josh Berkus
PostgreSQL Experts Inc.
www.pgexperts.com
