From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Josh Berkus <josh(at)agliodbs(dot)com> |
Cc: | Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Kevin Grittner <Kevin(dot)Grittner(at)wicourts(dot)gov>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Nikhil Sontakke <nikhil(dot)sontakke(at)enterprisedb(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Petr Jelinek <pjmodos(at)pjmodos(dot)net> |
Subject: | Re: GRANT ON ALL IN schema |
Date: | 2009-08-10 21:28:42 |
Message-ID: | 20090810212842.GR23840@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
* Josh Berkus (josh(at)agliodbs(dot)com) wrote:
> I'm not agreeing, though, that we don't need a GRANT ALL/ALTER DEFAULT.
> We still need that for the simplest cases so that novice-level users
> will use *some* access control. But it would mean that we wouldn't need
> GRANT ALL/ALTER DEFAULT to support anything other than the simplest cases.
I agree with Josh. That's also why I feel the schema or namespace-driven
grant/defaults make the most sense. I feel like it's the most natural
and intuitive option. Having a default for roles is a neat idea, but I
don't believe they'd be used much and would require having a precedence
or merging them, neither of which I like.
Thanks,
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2009-08-10 21:39:30 | Re: pgsql: Refactor NUM_cache_remove calls in error report path to a PG_TRY |
Previous Message | Josh Berkus | 2009-08-10 21:12:36 | Re: GRANT ON ALL IN schema |