On Tue, Oct 3, 2017 at 9:19 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > For pg_database, you'd have to make sure that the startup-time check of > database CONNECT privilege still works if the ACL's been pushed out of > line. >
I've tried this case. At first, make database temp with no connect privilege from public and 10000 users. create database temp; revoke connect on database temp from public; \copy (select 'create user u' || i || ';' from generate_series(1,10000) i) to 'script.sql' \i script.sql I've checked that user u10000 can't login to database temp. $ psql temp -U u10000 psql: FATAL: permission denied for database "temp" DETAIL: User does not have CONNECT privilege. Than I grant connect privilege to all that 10000 users. \copy (select 'grant connect on database temp to u' || i || ';' from generate_series(1,10000) i) to 'script.sql' \i script.sql Then user u10000 can login successfully. $ psql temp -U u10000 psql (11devel) Type "help" for help. u10000@temp=# Thus, in this simple case database CONNECT privilege works with out-of-line ACL for me. ------ Alexander Korotkov Postgres Professional: http://www.postgrespro.com The Russian Postgres Company