Josh,
* Josh Berkus (josh@agliodbs.com) wrote:
> As you know, there's a lot of people these days using SCHEMA for
> multi-tenant application partitioning. One of them pointed out to me
> that "schema" is missing from ALTER DEFAULT PRIVS; that is, there's no
> way for you to set default permissions on a new schema. For folks using
> schema for partitioning, support for this would be very helpful.
>
> Worth adding to TODO? Obviously nobody's going to work on it right now.
The original ALTER DEFAULT PRIVS actually included support for exactly
this, and there was a patch at one point for DEFAULT OWNER as well. I'm
on board for both of those ideas and run into the lack of them regularly
(as in, last week I was setting default privileges for a whole slew of
roles by hand for a given schema because I couldn't set it for *all*
users for a given schema, even as a superuser, and new roles will be
added shortly and I'll have to go back and remember to add the default
privs for them also...).
That's my 2c. I don't believe this is really a question about if anyone
needs this so much as how we can implement it and keep everyone happy
that it's safe and secure. That's what needs to be worked out first.
Thanks,
Stephen
