Re: One Role, Two Passwords

On Jan21, 2011, at 03:03 , Robert Haas wrote:
> It strikes me that it would be useful to have a GUC that sets the
> owner of any new objects you create (much as you can control their
> default schemas using search_path). Obviously, you'd need to restrict
> it so that it wouldn't allow you to create an object owned by a role
> to which you couldn't have given an object owned by yourself.

We could simply refuse to set default_owner to a rule the current user
don't inherit from. If set via an ALTER DATABASE SET ROLE the setting
would then simply be (silently) ignored - or at least this is how it
work for ALTER DATABASE SET ROLE.

> But
> this is what Florian was trying to get at with his much-maligned ALTER
> DATABASE .. SET ROLE, I think, and it seems to me that it would help
> with this case, too.

It's *precisely* what I was trying to get at! Great idea!

It seems to avoid most of the issues people had with my ALTER DATABASE
SET ROLE trick, too.

> It's always struck me that using multiple
> database logins would create all sorts of inconsistencies with
> different objects ending up owned by different users, but I guess
> until recently I was under the impression I was the only one who had
> an issue with that. It seems not.

Certainly not :-)

best regards,
Florian Pflug