Stephen Frost napsal(a):
> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>>> One potential trouble spot is that presumably the built-in default
>>> privileges (eg, PUBLIC EXECUTE for functions) would *not* cumulate
>>> with user-specified defaults.
>> Why not?
> How would you have a default that says "I *don't* want public execute on
> my new functions"?
This is actually problem that applies to whole Robert's proposal. How
would you define you don\t want insert on new tables in schema when you
granted it for whole database. I don't think any kind of mixing of
different default privileges is a good idea. I was thinking about
rejecting creation of conflicting default privileges but that would be
impossible to detect before object creation which is too late.
Petr Jelinek (PJMODOS)
In response to
pgsql-hackers by date
|Next:||From: Dave Page||Date: 2009-09-29 07:57:35|
|Subject: Re: pg_hba.conf: samehost and samenet [REVIEW]|
|Previous:||From: Petr Jelinek||Date: 2009-09-29 07:42:58|
|Subject: Re: [PATCH] DefaultACLs|