Petr Jelinek wrote:
> Jan Urbański wrote:
>> Dependencies suck, I know..
>>
>
> Cross-database dependencies do.
>
> I had to make target role owner of the default acls which adds some side
> effects like the fact that it blocks DROP ROLE so DROP OWNED BY has to
> be used.
> As for REASSIGN OWNED, it does not reassign anything (I don't think it's
> a good idea to reassign default acls) it just spits warning with hint
> what to do if user plans to drop the role.

OK, so that addresses my last gripe. It seems that when you try to drop a role to which you have granted some privileges before, you can't, and when you REASSIGN OWNED, it doesn't help. So maybe it's not even necessary to give a warning when REASSIGN OWNED is called on default ACLs.

Only loose end is tab completion which can probably be added later on.

I'm also not sure if we wouldn't like to have ALTER DEFAULT PRIVILEGES FOR ALL ROLES (or something similar), so you won't have to ALTER DEFAULT PRIVILEGES for each developer you gave a DB login to. Petr told me that was the previous design but has been shot down - I found references to that on the mailing list, but most complaints were about tying the syntax to ALTER SCHEMA. Since we now have ALTER DEFAULT PRIVILEGES I think it might make sense to introduce a way to set the default privileges for all roles (and give superusers the right to do it).

This can be added later on, but maybe we could make the syntax work so when you do ALTER DEFAULT PRIVILEGES without FOR ROLE you set them for all roles in the current DB and if you want to set them for yourself, you need to specify FOR ROLE <yourrole>. That'd be a minor change in the patch.

Setting to "Ready for Committer" (and leaving to the committer the decision whether to support "FOR ALL ROLES" and what to do about the warning).

Jan
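
The role-removal behaviour discussed in this thread, as an added example that is not part of the original messages or the patch: it assumes a released PostgreSQL version that ships ALTER DEFAULT PRIVILEGES (details may differ from the patch as it stood at review time), and all role names are constructed.

```sql
-- Constructed role names; run as a superuser in a scratch database.
CREATE ROLE app_owner;
CREATE ROLE app_reader;
CREATE ROLE app_successor;

-- Tables that app_owner creates from now on are readable by app_reader.
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner
    GRANT SELECT ON TABLES TO app_reader;

-- The entry lives in pg_default_acl and is owned by the target role.
SELECT pg_get_userbyid(defaclrole) AS owner, defaclobjtype, defaclacl
FROM pg_default_acl;

-- Neither the owner nor the grantee of a default ACL can be dropped yet.
-- Each attempt runs in its own subtransaction so the script continues.
DO $$
DECLARE
    r text;
BEGIN
    FOREACH r IN ARRAY ARRAY['app_owner', 'app_reader'] LOOP
        BEGIN
            EXECUTE format('DROP ROLE %I', r);
            RAISE NOTICE 'dropped % (not expected)', r;
        EXCEPTION WHEN dependent_objects_still_exist THEN
            RAISE NOTICE 'DROP ROLE % refused: %', r, SQLERRM;
        END;
    END LOOP;
END $$;

-- REASSIGN OWNED moves owned objects but leaves the default ACL in place.
REASSIGN OWNED BY app_owner TO app_successor;
SELECT count(*) AS default_acls_left
FROM pg_default_acl
WHERE pg_get_userbyid(defaclrole) = 'app_owner';

-- DROP OWNED BY removes the default ACL entry (current database only),
-- after which the roles can be dropped.
DROP OWNED BY app_owner;
DROP ROLE app_owner;
DROP ROLE app_reader;
DROP ROLE app_successor;
```

Because DROP OWNED BY acts only on the database it is run in, a role with default ACLs in several databases needs it repeated in each one before DROP ROLE succeeds.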