I am sorry I forgot to write my opinion on these.
Do we want to differentiate views from tables in these commands or not ?
I'd like to have views separate but I don't feel strongly about it. However having single statement for TABLE, VIEW and SEQUENCE is not a good idea IMHO, it will add confusion with standard GRANT statement and I don't think we could call it a TABLE anymore.

Do we want GRANT ON ALL (or GRANT ON * which is mysql style, btw) in SQL form (not functions or client enhancements) at all ? - if we decide that we don't want to have this as SQL statement then I'll drop the effort.
Well, since I've written the patch I am for it :) Probably with that GRANT ON * and GRANT ON schema.* as it has indeed very low probability that something like that will be in standard with different meaning and also it's mysql compatible (which is the only db currently having this feature I think), even if that's very little plus. Adding the possibility of running commands on many objects at once in psql would be nice addition in the future, especially since we could have more wild syntax there, but I still feel strongly about having the simplest case handled by SQL.

And how do we want to filter default acls ?
My opinion is that the best way to do this would be ALTER DEFAULT PRIVILEGES GRANT ..., without any additional filters, it would just affect the role which runs this command. I think this is best solution because ALTER SCHEMA forces creation of many schemas that might not have anything to do with structure of the database (if you want different default privileges for different things). Also having default privileges per role with filters on various things will IMHO create more confusion than good. And finally if somebody wants to have different default privileges for different things than he can just create child roles with different default privileges and use SET SESSION AUTHORIZATION to switch between them.

--
Regards
Petr Jelinek (PJMODOS)


--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to