Re: ALTER ... OWNER TO ... vs. ALTER DEFAULT PRIVILEGES

From: David Fetter <david(at)fetter(dot)org>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: ALTER ... OWNER TO ... vs. ALTER DEFAULT PRIVILEGES
Date: 2015-10-29 21:31:47
Message-ID: 20151029213147.GH401@fetter.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Thu, Oct 29, 2015 at 02:25:14PM -0400, Tom Lane wrote:
> David Fetter <david(at)fetter(dot)org> writes:
> > Since it's not a green field project, I would like to propose the
> > following addition to the ALTER ... OWNER TO ... construct:
> > ALTER ... OWNER TO ... [{NEW | OLD} DEFAULT PRIVILEGES]
> > What say?
>
> I'd say "you haven't actually defined what either of those options mean".

Good point.

This morning, when this came up most recently for me, I wanted to
change the owner of a table, which was all well and good, and I wanted
the default privileges of the new owner applied to it, which was, to
coin a phrase, all unwell and bad.

Had this been part of the original ALTER DEFAULT PRIVILEGES patch,
those privileges would simply have been applied. Since it wasn't, I'm
ass-u-me'ing that changing the default behavior to that is going to
cause (possibly legitimate) anxiety.

On thinking this through, I'd like to propose a more extensible
syntax, as below.

If we're going with "preserve current behavior for current syntax," I
propose that:

- Leaving the clause out would apply no privileges (modulo event
triggers. Whee!), preserving current behavior.

- ALTER ... OWNER TO ... WITH (NEW DEFAULT PRIVILEGES) applies any
applicable default privileges for the new owner.

- ALTER ... OWNER TO ... WITH (OLD DEFAULT PRIVILEGES) ensures that
any any applicable default privileges for the previous owner are
applied, whether they already had been or not.

It would be legal to supply both WITH stanzas, as in WITH (NEW DEFAULT
PRIVILEGES, OLD DEFAULT PRIVILEGES).

If we're going with "current behavior is pretty crazy, and should
never have been this way," (my opinion) I propose that:

- Leaving the clause out would wipe the default privileges slate clean
and apply any default privileges for the new owner, i.e. behave as
though the object had just been created.

- ALTER ... OWNER TO ... WITH ( [OLD DEFAULT PRIVILEGES [, NO NEW
PRIVILEGES] ) would ensure the previous default privileges had been
applied and not apply any new default privileges, respectively.
Order shouldn't matter.

Cheers,
David.
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david(dot)fetter(at)gmail(dot)com

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message David E. Wheeler 2015-10-29 22:31:10 Re: pgxs/config/missing is... missing
Previous Message Peter Geoghegan 2015-10-29 21:16:44 Re: Are we sufficiently clear that jsonb containment is nested?