Tom, > The owning-ROLE match is required, else you have issues with exactly > what the ACL really means. What we're discussing is what other filters > might exist to determine which objects are affected. The patch already > tries to handle the cases of "all owned objects" and "all owned objects > in schema X", and I think it's inevitable that people will want other > cases.
Yeah, I'm thinking we should back off from filters for 8.5; we could do them for 8.6, maybe. I'm one of the people who prefers a schema-based system, but I'll do without one if it means we can keep things *simple* (and get the feature in in 8.5). I think trying to make this patch a panacea in the first iteration is liable to backfire. Especially since we're doing GRANT ALL ON at the same time. -- Josh Berkus PostgreSQL Experts Inc. www.pgexperts.com -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers