That said, I don't feel very strongly about that position, so if you and Robert (and others on the thread) agree that's the right approach then I'll see about getting it done.
We haven't reached consensus on this one yet and I didn't want it to fall too far off the radar.
Here is what I summarize as the current state of the discussion:
1. Syntax:
ALTER ROLE <role> { ADD | DROP } CAPABILITY <capability>
* I think this is the most straight forward approach as it still close to the current syntax.
* Perhaps keeping the current syntax around as deprecated to be removed in a scheduled future version. (provide a "deprecated" message to the user?)
or
GRANT EXECUTE PRIVILEGES ON <capability> TO <role>
* Though, this will be tricky since EXECUTE is not reserved and the currently state of GRANT in the grammar would require either refactoring or making it RESERVED... neither I think are acceptable at this point in time for obvious reasons.
2. Catalog Representation:
Condense all attributes in pg_authid to single int64 column and create bitmasks accordingly.
Obviously there is some concern for upgrading and whether to do both at once or to do them incrementally. IMHO, I think if the changes are going to be made, then we should go ahead and do them at the same time. Though, would it be beneficial to separate in to two distinct patches?
