Robert Haas <robertmh...@gmail.com> writes: > I haven't read the patch, but it seems like one possible solution to > this problem would be to declare that any any DEFAULT PRIVILEGES you > set are cumulative. If you configure a global default, a per-schema > default, a default for tables whose names begin with the letter q, and > a default for tables created between midnight and 4am, then a table > called quux created in that schema at 2:30 in the morning will get the > union of all four sets of privileges.
Hmm ... interesting proposal. Simple to understand and simple to implement, which are both to the good. I'm not clear though on whether this behavior would be useful in practice. Any comments from those who've been asking for default ACLs? One potential trouble spot is that presumably the built-in default privileges (eg, PUBLIC EXECUTE for functions) would *not* cumulate with user-specified defaults. So you'd have a behavior where a function would not get PUBLIC EXECUTE automatically if it matched any of the available defaults, but would get it if it managed to miss matching them all. I am not sure if that's bad or not, but it seems kind of inconsistent. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers