Home > mailing lists

Re: Schema (namespace) privilege details - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: Schema (namespace) privilege details
Date	April 22, 2002 02:09:06
Msg-id	Pine.LNX.4.30.0204212308390.688-100000@peter.localdomain Whole thread Raw
In response to	Re: Schema (namespace) privilege details (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Schema (namespace) privilege details (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

Tom Lane writes:

[ All the rest looks good to me. ]

> Databases have two grantable rights: CREATE allows creating new regular
> (permanent) schemas within the database, while TEMP allows creation of
> a temp schema (and thus temp tables).

Couldn't the temp schema be permanent (and unremovable), and thus the
privilege to create temp tables can be handled by GRANT CREATE ON SCHEMA
temp.  It seems to me that creating an extra type of privilege to be able
to create one specific schema that exists by default anyway(?) is
overkill.

> A new database will initially allow both these rights to world.

Should it?  Shouldn't the database owner have to give out schemas
explicitly?  This would be consistent with not being able to create
subobjects in other people's schemas by default.

-- 
Peter Eisentraut   peter_e@gmx.net

pgsql-hackers by date:

From: Thomas Lockhart
Date: 22 April 2002, 01:57:53
Subject: Re: Patches applied; initdb time!

From: Tom Lane
Date: 22 April 2002, 02:25:45
Subject: Re: Schema (namespace) privilege details

Re: Schema (namespace) privilege details - Mailing list pgsql-hackers

Previous

Next