Robert Haas:
I have to admit that when I realized that was the natural place to put
them to make the patch work, my first reaction internally was "well,
that can't possibly be right, role properties suck!". But I didn't and
still don't see where else to put them that makes any sense at all, so
I eventually decided that my initial reaction was misguided. So I
can't really blame you for not liking it either, and would be happy if
we could come up with something else that feels better. I just don't
know what it is: at least as of this moment in time, I believe these
naturally ARE properties of the role [...]
That might be the wrong view. As I say, I'm open to other ideas, and
it's possible there's some nicer way to do it that I just don't see
right now.
INHERITCREATEDROLES and SETCREATEDROLES behave much like DEFAULT
PRIVILEGES. What about something like:
ALTER DEFAULT PRIVILEGES FOR alice
GRANT TO alice WITH INHERIT FALSE, SET TRUE, ADMIN TRUE
The "abbreviated grant" is very much abbreviated, because the original
syntax GRANT a TO b is already quite short to begin with, i.e. there is
no ON ROLE or something like that in it.
The initial DEFAULT privilege would be INHERIT FALSE, SET FALSE, ADMIN
TRUE, I guess?
Best,
Wolfgang
