Re: Potential TODO: schema in ALTER DEFAULT PRIVILEGES?

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Josh Berkus <josh(at)agliodbs(dot)com>
Cc: PostgreSQL-development <pgsql-hackers(at)postgreSQL(dot)org>
Subject: Re: Potential TODO: schema in ALTER DEFAULT PRIVILEGES?
Date: 2013-01-23 21:33:20
Message-ID: 20130123213320.GZ16126@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Josh,

* Josh Berkus (josh(at)agliodbs(dot)com) wrote:
> As you know, there's a lot of people these days using SCHEMA for
> multi-tenant application partitioning. One of them pointed out to me
> that "schema" is missing from ALTER DEFAULT PRIVS; that is, there's no
> way for you to set default permissions on a new schema. For folks using
> schema for partitioning, support for this would be very helpful.
>
> Worth adding to TODO? Obviously nobody's going to work on it right now.

The original ALTER DEFAULT PRIVS actually included support for exactly
this, and there was a patch at one point for DEFAULT OWNER as well. I'm
on board for both of those ideas and run into the lack of them regularly
(as in, last week I was setting default privileges for a whole slew of
roles by hand for a given schema because I couldn't set it for *all*
users for a given schema, even as a superuser, and new roles will be
added shortly and I'll have to go back and remember to add the default
privs for them also...).

That's my 2c. I don't believe this is really a question about if anyone
needs this so much as how we can implement it and keep everyone happy
that it's safe and secure. That's what needs to be worked out first.

Thanks,

Stephen

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Pavel Stehule 2013-01-23 21:47:58 Re: CF3+4 (was Re: Parallel query execution)
Previous Message Stephen Frost 2013-01-23 21:27:58 Re: CF3+4 (was Re: Parallel query execution)