Petr Jelinek napsal(a):
Robert Haas napsal(a): I'm going to reiterate what I suggested upthread... let's let the
default, global default ACL contain the hard-wired privileges, instead
of making them hardwired. Then your objects will get those privileges
not because they are hard-wired, but because you haven't changed your
global default ACL to not contain them.
That's somewhat how I implemented it although not just on global level but in any single filter, what we now have as defaults (before this patch) is used as template for default acls and you can revoke it. You just can't revoke anything you granted anywhere in the default acls chain.
Reminds me I forgot to adjust the docs. Attached patch fixes that (no other changes).
--
Regards
Petr Jelinek (PJMODOS)
