Re: [PATCH] DefaultACLs

Robert Haas napsal(a):
> On Thu, Oct 1, 2009 at 1:37 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
>> Petr Jelinek <pjmodos(at)pjmodos(dot)net> writes:
>>
>>> because it seems like merging privileges seems to be acceptable for most
>>> (although I am not sure I like it, but I don't have better solution for
>>> managing conflicts), I changed the patch to do just that.
>>>
>> It's not clear to me whether we have consensus on this approach.
>> Last chance for objections, anyone?
>>
>> The main argument I can see against doing it this way is that it doesn't
>> provide a means for overriding the hard-wired public grants for object
>> types that have such (principally functions). I think that a reasonable
>> way to address that issue would be for a follow-on patch that allows
>> changing the hard-wired default privileges for object types. It might
>> well be that no one cares enough for it to matter, though. I think that
>> in most simple cases what's needed is a way to add privileges, not
>> subtract them --- and we're already agreed that this mechanism is only
>> meant to simplify simple cases.
>>
>
> I'm going to reiterate what I suggested upthread... let's let the
> default, global default ACL contain the hard-wired privileges, instead
> of making them hardwired. Then your objects will get those privileges
> not because they are hard-wired, but because you haven't changed your
> global default ACL to not contain them.
>

That's somewhat how I implemented it although not just on global level
but in any single filter, what we now have as defaults (before this
patch) is used as template for default acls and you can revoke it. You
just can't revoke anything you granted anywhere in the default acls chain.

--
Regards
Petr Jelinek (PJMODOS)