On 9 January 2013 22:09, Tom Lane <t...@sss.pgh.pa.us> wrote: > Simon Riggs <si...@2ndquadrant.com> writes: >> On 9 January 2013 21:42, Tom Lane <t...@sss.pgh.pa.us> wrote: >>> If we were designing this from scratch I'd agree that a separate TEMP >>> privilege would be a good thing. But bolting one on now is likely >>> to create more problems than it fixes. Particularly since it doesn't >>> actually fix any of the concrete problems enumerated in this thread. >>> >>> I continue to think that getting rid of the privilege check would be >>> a more useful answer than changing which privilege is tested. > >> I wasn't suggesting that we test for TEMP instead of CREATE; what I >> meant was we would test for CREATE *OR* TEMP to give more options for >> management. > > [ shrug... ] That's weird, ie unlike the behavior of other privileges, > and it *still* doesn't fix any of the problems Stephen complained of.
I think we're having a disconnection half hour? The privs could be seen as CREATE_ANY or CREATE_TEMP_ONLY. One is a superset of the other, just like granting ANY is a superset of other privs. My view is it would fix the root cause of the problem, as explained. If you wanted to make TEMP active by default, we can do that. -- Simon Riggs http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
