KaiGai Kohei <kai...@kaigai.gr.jp> writes: > Tom Lane wrote: >> What about DELETE permissions? Should we track that separately from >> UPDATE?
> PostgreSQL checks ownership of the database object when user tries to > drop it. This patch also add pg_largeobject_ownercheck() on lo_unlink(). Oh, okay, that will do fine. >>> The CREATE USER/ROLE statement got a new option: LARGEOBJECT/NOLARGEOBJECT. >>> It enables to controls whether the user can create a largeobject, or not. >> >> I don't think this is necessary or appropriate. > What should control privilege to create a new largeobject? > Or, it implicitly allows everyone to create a new one? We have not had any requests to keep people from creating LOs, so I think we can just implicitly allow everyone. If we were going to try to manage it, I don't think a role attribute is a very good solution. It's not grantable or inheritable, it can't be managed per-database, etc. So I'd leave this out until there's some popular demand. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers