| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Petr Jelinek <pjmodos(at)pjmodos(dot)net> |
| Cc: | Jan Urbański <wulczer(at)wulczer(dot)org>, Josh Berkus <josh(at)agliodbs(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com> |
| Subject: | Re: [PATCH] DefaultACLs |
| Date: | 2009-10-01 17:37:14 |
| Message-ID: | 29735.1254418634@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Petr Jelinek <pjmodos(at)pjmodos(dot)net> writes:
> because it seems like merging privileges seems to be acceptable for most
> (although I am not sure I like it, but I don't have better solution for
> managing conflicts), I changed the patch to do just that.
It's not clear to me whether we have consensus on this approach.
Last chance for objections, anyone?
The main argument I can see against doing it this way is that it doesn't
provide a means for overriding the hard-wired public grants for object
types that have such (principally functions). I think that a reasonable
way to address that issue would be for a follow-on patch that allows
changing the hard-wired default privileges for object types. It might
well be that no one cares enough for it to matter, though. I think that
in most simple cases what's needed is a way to add privileges, not
subtract them --- and we're already agreed that this mechanism is only
meant to simplify simple cases.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2009-10-01 17:42:10 | Re: Limit allocated memory per session |
| Previous Message | Andrew Dunstan | 2009-10-01 17:34:27 | Re: Rejecting weak passwords |