On Thu, Oct 1, 2009 at 1:37 PM, Tom Lane <[email protected]> wrote: > Petr Jelinek <[email protected]> writes: >> because it seems like merging privileges seems to be acceptable for most >> (although I am not sure I like it, but I don't have better solution for >> managing conflicts), I changed the patch to do just that. > > It's not clear to me whether we have consensus on this approach. > Last chance for objections, anyone? > > The main argument I can see against doing it this way is that it doesn't > provide a means for overriding the hard-wired public grants for object > types that have such (principally functions). I think that a reasonable > way to address that issue would be for a follow-on patch that allows > changing the hard-wired default privileges for object types. It might > well be that no one cares enough for it to matter, though. I think that > in most simple cases what's needed is a way to add privileges, not > subtract them --- and we're already agreed that this mechanism is only > meant to simplify simple cases.
I'm going to reiterate what I suggested upthread... let's let the default, global default ACL contain the hard-wired privileges, instead of making them hardwired. Then your objects will get those privileges not because they are hard-wired, but because you haven't changed your global default ACL to not contain them. ...Robert -- Sent via pgsql-hackers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
