On Sat, Oct 31, 2015 at 12:16:31AM +0100, Robert Haas wrote:
> On Thu, Oct 29, 2015 at 10:31 PM, David Fetter <da...@fetter.org> wrote:
> > Had this been part of the original ALTER DEFAULT PRIVILEGES patch,
> > those privileges would simply have been applied.  Since it wasn't, I'm
> > ass-u-me'ing that changing the default behavior to that is going to
> > cause (possibly legitimate) anxiety.
> The word "applied" is not very clear here.  You want to revoke all
> existing privileges and then regrant whatever the default privileges
> would have been given the new owner?  That might be a reasonable thing
> to have a command for, but doing it automatically on an owner change
> does not sound like a good idea.  That could be very surprising
> behavior.

OK, so I think there are operationally useful use cases for
mix'n'match of the following:

- Clear all existing DEFAULT PRIVILEGES
- Preserve DEFAULT PRIVILEGES from the previous owner
- Apply DEFAULT PRIVILEGES for the new owner

Are there others?  I suspect we could get some lift out of

CREATE ...  OWNER ... 

which would then Do The Right Thing™ with respect at least to initial
creation without having to be connected as that role.

David Fetter <da...@fetter.org> http://fetter.org/
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david.fet...@gmail.com

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to