From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Petr Jelinek <pjmodos(at)pjmodos(dot)net>, Jan Urbański <wulczer(at)wulczer(dot)org>, Josh Berkus <josh(at)agliodbs(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [PATCH] DefaultACLs |
Date: | 2009-09-29 02:55:13 |
Message-ID: | 603c8f070909281955t3f9f5073xf55e54ccea0466ff@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Mon, Sep 28, 2009 at 10:44 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
>> I haven't read the patch, but it seems like one possible solution to
>> this problem would be to declare that any any DEFAULT PRIVILEGES you
>> set are cumulative. If you configure a global default, a per-schema
>> default, a default for tables whose names begin with the letter q, and
>> a default for tables created between midnight and 4am, then a table
>> called quux created in that schema at 2:30 in the morning will get the
>> union of all four sets of privileges.
>
> Hmm ... interesting proposal. Simple to understand and simple to
> implement, which are both to the good. I'm not clear though on whether
> this behavior would be useful in practice. Any comments from those
> who've been asking for default ACLs?
>
> One potential trouble spot is that presumably the built-in default
> privileges (eg, PUBLIC EXECUTE for functions) would *not* cumulate
> with user-specified defaults.
Why not?
...Robert
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2009-09-29 03:47:09 | Re: [PATCH] DefaultACLs |
Previous Message | Tom Lane | 2009-09-29 02:50:28 | Re: Buffer usage in EXPLAIN and pg_stat_statements (review) |