Re: [PATCH] DefaultACLs

* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Petr Jelinek <pjmodos(at)pjmodos(dot)net> writes:
> > because it seems like merging privileges seems to be acceptable for most
> > (although I am not sure I like it, but I don't have better solution for
> > managing conflicts), I changed the patch to do just that.
>
> It's not clear to me whether we have consensus on this approach.
> Last chance for objections, anyone?

I don't like it, but at the same time I'd rather have it with this than
not have anything.

> The main argument I can see against doing it this way is that it doesn't
> provide a means for overriding the hard-wired public grants for object
> types that have such (principally functions). I think that a reasonable
> way to address that issue would be for a follow-on patch that allows
> changing the hard-wired default privileges for object types. It might
> well be that no one cares enough for it to matter, though. I think that
> in most simple cases what's needed is a way to add privileges, not
> subtract them --- and we're already agreed that this mechanism is only
> meant to simplify simple cases.

This doesn't actually address the entire problem. How about
schema-level default grants which you want to override with per-role
default grants? Or the other way around? Is it always only more
permissive with more defaults? Even when the grantee is the same?

I dunno, I'll probably just ignore the per-role stuff, personally, but
it seems more complex without sufficient definition about what's going
to happen in each case.

Thanks,

Stephen