Robert Haas napsal(a):
On Thu, Oct 1, 2009 at 1:37 PM, Tom Lane <t...@sss.pgh.pa.us> wrote:
Petr Jelinek <pjmo...@pjmodos.net> writes:
because it seems like merging privileges seems to be acceptable for most
(although I am not sure I like it, but I don't have better solution for
managing conflicts), I changed the patch to do just that.
It's not clear to me whether we have consensus on this approach.
Last chance for objections, anyone?
The main argument I can see against doing it this way is that it doesn't
provide a means for overriding the hard-wired public grants for object
types that have such (principally functions). I think that a reasonable
way to address that issue would be for a follow-on patch that allows
changing the hard-wired default privileges for object types. It might
well be that no one cares enough for it to matter, though. I think that
in most simple cases what's needed is a way to add privileges, not
subtract them --- and we're already agreed that this mechanism is only
meant to simplify simple cases.
I'm going to reiterate what I suggested upthread... let's let the
default, global default ACL contain the hard-wired privileges, instead
of making them hardwired. Then your objects will get those privileges
not because they are hard-wired, but because you haven't changed your
global default ACL to not contain them.
That's somewhat how I implemented it although not just on global level
but in any single filter, what we now have as defaults (before this
patch) is used as template for default acls and you can revoke it. You
just can't revoke anything you granted anywhere in the default acls chain.
--
Regards
Petr Jelinek (PJMODOS)
