Re: Schema (namespace) privilege details - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: Schema (namespace) privilege details
Date
Msg-id Pine.LNX.4.30.0204212308390.688-100000@peter.localdomain
Whole thread Raw
In response to Re: Schema (namespace) privilege details  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Schema (namespace) privilege details
List pgsql-hackers
Tom Lane writes:

[ All the rest looks good to me. ]

> Databases have two grantable rights: CREATE allows creating new regular
> (permanent) schemas within the database, while TEMP allows creation of
> a temp schema (and thus temp tables).

Couldn't the temp schema be permanent (and unremovable), and thus the
privilege to create temp tables can be handled by GRANT CREATE ON SCHEMA
temp.  It seems to me that creating an extra type of privilege to be able
to create one specific schema that exists by default anyway(?) is
overkill.

> A new database will initially allow both these rights to world.

Should it?  Shouldn't the database owner have to give out schemas
explicitly?  This would be consistent with not being able to create
subobjects in other people's schemas by default.

-- 
Peter Eisentraut   peter_e@gmx.net



pgsql-hackers by date:

Previous
From: Thomas Lockhart
Date:
Subject: Re: Patches applied; initdb time!
Next
From: Tom Lane
Date:
Subject: Re: Schema (namespace) privilege details