Re: [PATCH] DefaultACLs

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Petr Jelinek <pjmodos(at)pjmodos(dot)net>, Jan Urbański <wulczer(at)wulczer(dot)org>, Josh Berkus <josh(at)agliodbs(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com>
Subject: Re: [PATCH] DefaultACLs
Date: 2009-10-01 18:21:25
Message-ID: 880.1254421285@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Stephen Frost <sfrost(at)snowman(dot)net> writes:
> Erm, wait, we're going to drop the only piece of this that outside folks
> have actually been asking for? Specifically, having per-schema default
> ACLs?

They are per-schema for the objects belonging to the granting user.
Otherwise you have a bunch of nasty issues, including the prospect
of non-superusers being able to control the privileges granted on
objects that don't belong to them.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Petr Jelinek 2009-10-01 18:24:27 Re: [PATCH] DefaultACLs
Previous Message Stephen Frost 2009-10-01 18:18:23 Re: [PATCH] DefaultACLs