On Fri, Sep 11, 2015 at 9:48 AM, Stephen Frost <sfr...@snowman.net> wrote: > The only reason to avoid providing that flexibility is the concern that > it might be misunderstood and users might misconfigure their system. > Removing the flexibility to have per-command visibility policies and > instead force a single visibility policy doesn't add any capabilities.
That seems like an extremely weak argument. If a feature can't be used for anything useful, the fact that it doesn't actively interfere with the use of other features that are useful is not a reason to keep it. Clearly, something needs to be done about this. Saying, you can restrict by something other than ALL but it adds no security and serves no use cases is, frankly, a ridiculous position. Tom's proposal downthread is a reasonable one, and I endorse it: there may be other approaches as well. But regardless of the particular approach, if we're going to have per-command policies, then you need to do the work to make them useful. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers