> Josh's last suggestion (ALL TABLES IN someschema) seems to me to be a > reasonable compromise between usefulness, syntactic weirdness, and > hiding implementation details.
Maybe it is not necessary to extend the syntax to distinguish between the two cases. Maybe it's worth considering to have newly created tables/functions automatically 'GRANTED' with permissions set at the schema level. This could perhaps by guarded with GUC variable to preserve compatibility with previous versions. That way people like me who prefer this behavior can just set security at the schema level which is what we want. In the event that the schema security changes, I don't mind having to issue one of Matthias's beefed up GRANTS to get everything right. This removes confusion and allows more freedom to tinker with the GRANT sytax. Plus, it makes having to mess with the system tables/views less likely, IMO. Merlin ---------------------------(end of broadcast)--------------------------- TIP 6: Have you searched our list archives? http://archives.postgresql.org