> TODO1: Allow GRANT/REVOKE permissions to be applied to all schema
> objects with one command.
> TODO2: Assign Permissions to schemas wich get automatically inherited
> by objects created in the schema.
>
> a) should we pursue both of them?
> b) how can a syntax for TODO1 look like? Anchored at 'GRANT ... ON
> SCHEMA' or 'GRANT ... ON <objecttype>' ?
I vote no on a. Reason: it's relatively easy to do the same thing
already. However if you do end up doing that, I'd suggest using
'CASCADE'. This is reasonably consistent with other dependency honoring
commands in pg.
What I would really like to see is TODO2: because this allows greater
flexibility for controlling security. This is impossible in pg
currently, and may be a slightly more sophisticated job.
Good luck!
Merlin
