| From: | Petr Jelinek <pjmodos(at)pjmodos(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Jan Urbański <wulczer(at)wulczer(dot)org>, Josh Berkus <josh(at)agliodbs(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com> |
| Subject: | Re: [PATCH] DefaultACLs |
| Date: | 2009-10-01 18:24:27 |
| Message-ID: | 4AC4F3DB.2030705@pjmodos.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
>
>> Erm, wait, we're going to drop the only piece of this that outside folks
>> have actually been asking for? Specifically, having per-schema default
>> ACLs?
>>
>
> They are per-schema for the objects belonging to the granting user.
> Otherwise you have a bunch of nasty issues, including the prospect
> of non-superusers being able to control the privileges granted on
> objects that don't belong to them.
>
Also it's not really a problem since superuser or role admin can set
these for other roles.
--
Regards
Petr Jelinek (PJMODOS)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kevin Grittner | 2009-10-01 18:36:34 | Re: FSM search modes |
| Previous Message | Tom Lane | 2009-10-01 18:21:25 | Re: [PATCH] DefaultACLs |