On Wed, Aug 5, 2009 at 3:40 PM, Tom Lane<t...@sss.pgh.pa.us> wrote: > Robert Haas <robertmh...@gmail.com> writes: >> I have one database that is set up with a reporting user (read only on >> everything). It requires constant maintenance. Every time an object >> is added or deleted (or dropped and recreated, like a view, which I do >> ALL THE TIME to work around the inability to add/remove columns) the >> permissions get shot to hell. I finally crontabbed a script that >> fixes it every 20 minutes. I had another database where I tried to do >> some real permission separation and it was just a huge pain in the >> ass. > >> Grant on all isn't gonna fix these problems completely, but it's a >> start. The DefaultACL stuff is another important step in the right >> direction. > > Seems like default ACLs, not grant-on-all, is what you want for that.
Well, that helps with the maintenance, but you also have to set it up initially. There were already 100+ objects in the schema at the time the reporting user was created. ...Robert -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
