Re: public schema default ACL

Stephen Frost wrote:

> * Noah Misch (noah(at)leadboat(dot)com) wrote:

> > I like the idea of getting more SQL-compatible, if this presents a distinct
> > opportunity to do so. I do think it would be too weird to create the schema
> > in one database only. Creating it on demand might work. What would be the
> > procedure, if any, for database owners who want to deny object creation in
> > their databases?
>
> My suggestion was that this would be a role attribute. If an
> administrator doesn't wish for that role to have a schema created
> on-demand at login time, they would set the 'SCHEMA_CREATE' (or whatever
> we name it) role attribute to false.

Is a single attribute enough? I think we need two: one would authorize
to create the schema $user to the user themselves (maybe
SELF_SCHEMA_CREATE); another would automatically do so when connecting
to a database that does not have it (perhaps AUTO_CREATE_SCHEMA).

Now, maybe the idea of creating it as soon as a connection is
established is not great. What about creating it only when the first
object creation is attempted and there is no other schema to create in?
This avoid pointless proliferation of empty user schemas, as well as
avoid the overhead of checking existence of schem $user on each
connection.

--
Álvaro Herrera https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services