On Thu, Nov 10, 2011 at 11:17 PM, Stephen Frost <sfr...@snowman.net> wrote: > * Robert Haas (robertmh...@gmail.com) wrote: >> On Thu, Nov 10, 2011 at 10:52 PM, Stephen Frost <sfr...@snowman.net> wrote: >> > Certainly a big one that people get caught by is our default of execute >> > to public on functions.. Most of our privileges are set up as minimal >> > access to others, functions are an oddity in that regard. Rather than >> > fight the battle of what the default *should* be for functions, we could >> > just give the DBA the ability to configure it for their database. >> >> Sure, let's do. But that hardly means that we need to store useless >> catalog records in every database with the DBA doesn't do that. > > Fair enough, so the direction would be to add 'IN DATABASE' options to > 'ALTER DEFAULT PRIVILEGES' and have all the same options there, plus > flags for schema (and any other schema-level/entire-database things) > options? I presume that the 'IN SCHEMA' / 'FOR USER' options would be > used, where those exist, and we'd only fall back to the higher ones if > those don't exist?
Oh, I didn't realize that you were proposing a database-wide setting; my point was just that the way the feature looks to the user doesn't have to dictate the catalog representation. I'm not entirely certain whether a database-wide setting is useful enough to justify the additional complexity. I'm not saying it isn't, just wondering out loud. To need this rather than just a per-schema facility, you'd need to be using enough schemas (or creating new ones frequently enough) that setting the privileges one schema at a time would be inconvenient. How common is that? -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
