On Thu, Nov 10, 2011 at 11:17 PM, Stephen Frost <[email protected]> wrote: > * Robert Haas ([email protected]) wrote: >> On Thu, Nov 10, 2011 at 10:52 PM, Stephen Frost <[email protected]> wrote: >> > Certainly a big one that people get caught by is our default of execute >> > to public on functions.. Most of our privileges are set up as minimal >> > access to others, functions are an oddity in that regard. Rather than >> > fight the battle of what the default *should* be for functions, we could >> > just give the DBA the ability to configure it for their database. >> >> Sure, let's do. But that hardly means that we need to store useless >> catalog records in every database with the DBA doesn't do that. > > Fair enough, so the direction would be to add 'IN DATABASE' options to > 'ALTER DEFAULT PRIVILEGES' and have all the same options there, plus > flags for schema (and any other schema-level/entire-database things) > options? I presume that the 'IN SCHEMA' / 'FOR USER' options would be > used, where those exist, and we'd only fall back to the higher ones if > those don't exist?
Oh, I didn't realize that you were proposing a database-wide setting; my point was just that the way the feature looks to the user doesn't have to dictate the catalog representation. I'm not entirely certain whether a database-wide setting is useful enough to justify the additional complexity. I'm not saying it isn't, just wondering out loud. To need this rather than just a per-schema facility, you'd need to be using enough schemas (or creating new ones frequently enough) that setting the privileges one schema at a time would be inconvenient. How common is that? -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
