| From: | Florian Pflug <fgp(at)phlo(dot)org> |
|---|---|
| To: | Daniel Farina <drfarina(at)acm(dot)org> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: One Role, Two Passwords |
| Date: | 2011-01-21 02:17:39 |
| Message-ID: | 702246FD-DB04-475C-B4F6-D9B8AF8844C9@phlo.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Jan21, 2011, at 03:14 , Daniel Farina wrote:
> On Thu, Jan 20, 2011 at 6:12 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>> On Thu, Jan 20, 2011 at 9:07 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>>> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>>>> It strikes me that it would be useful to have a GUC that sets the
>>>> owner of any new objects you create (much as you can control their
>>>> default schemas using search_path).
>>>
>>> There was a great deal of discussion along these lines over the summer
>>> of '09 (iirc) with regard to default owners and with the default
>>> privileges patch. I encourage you to try and make it happen though.
>>
>> I'm not likely to write a patch for it, but if someone else writes one
>> I would be willing to (a) support it and (b) subject to consensus,
>> commit it.
>
> Wouldn't this require a client application to issue the GUC setting?
> Or could I somehow tell a role "You create objects as this user, and
> you cannot change this."
You could do ALTER ROLE SET default_owner TO <whatever>. Nothing would
prevent the user from resetting default_owner, though - but do you really
need to protect against that?
best regards,
Florian Pflug
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kevin Grittner | 2011-01-21 02:17:42 | Re: REVIEW: EXPLAIN and nfiltered |
| Previous Message | Robert Haas | 2011-01-21 02:16:43 | Re: ToDo List Item - System Table Index Clustering |