Tom Lane writes:
[ All the rest looks good to me. ]
> Databases have two grantable rights: CREATE allows creating new regular
> (permanent) schemas within the database, while TEMP allows creation of
> a temp schema (and thus temp tables).
Couldn't the temp schema be permanent (and unremovable), and thus the
privilege to create temp tables can be handled by GRANT CREATE ON SCHEMA
temp. It seems to me that creating an extra type of privilege to be able
to create one specific schema that exists by default anyway(?) is
overkill.
> A new database will initially allow both these rights to world.
Should it? Shouldn't the database owner have to give out schemas
explicitly? This would be consistent with not being able to create
subobjects in other people's schemas by default.
--
Peter Eisentraut peter_e@gmx.net