Re: public schema default ACL

From: Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Noah Misch <noah(at)leadboat(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: public schema default ACL
Date: 2018-03-07 14:36:10
Message-ID: 20180307143610.u6jb4tlzx2n64x22@alvherre.pgsql
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Stephen Frost wrote:

> * Noah Misch (noah(at)leadboat(dot)com) wrote:

> > I like the idea of getting more SQL-compatible, if this presents a distinct
> > opportunity to do so. I do think it would be too weird to create the schema
> > in one database only. Creating it on demand might work. What would be the
> > procedure, if any, for database owners who want to deny object creation in
> > their databases?
>
> My suggestion was that this would be a role attribute. If an
> administrator doesn't wish for that role to have a schema created
> on-demand at login time, they would set the 'SCHEMA_CREATE' (or whatever
> we name it) role attribute to false.

Is a single attribute enough? I think we need two: one would authorize
to create the schema $user to the user themselves (maybe
SELF_SCHEMA_CREATE); another would automatically do so when connecting
to a database that does not have it (perhaps AUTO_CREATE_SCHEMA).

Now, maybe the idea of creating it as soon as a connection is
established is not great. What about creating it only when the first
object creation is attempted and there is no other schema to create in?
This avoid pointless proliferation of empty user schemas, as well as
avoid the overhead of checking existence of schem $user on each
connection.

--
Álvaro Herrera https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Jeevan Chalke 2018-03-07 14:37:34 Re: [HACKERS] Partition-wise aggregation/grouping
Previous Message David Steele 2018-03-07 14:35:56 Re: Re: WIP Patch: Precalculate stable functions, infrastructure v1