| From: | Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | PostgreSQL Developers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: ACLs versus ALTER OWNER |
| Date: | 2004-06-02 14:54:36 |
| Message-ID: | 40BDEA2C.5000503@familyhealth.com.au |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> Well, the spec doesn't have create permissions per se, but they do have
> a "usage" right on domains, and they specify that revoking that results
> in dropping objects:
>
> 7) For every abandoned domain descriptor DO, let S1.DN be the
> <domain name> of DO. The following <drop domain statement> is
> effectively executed without further Access Rule checking:
>
> DROP DOMAIN S1.DN CASCADE
Hmmm. Seems pretty harsh. But barring us implementing that (I don't
see it happening for 7.5), just had an idea :)
How about pg_dumpall dumps all users as superusers, and then changes
them back to what they're supposed to be at the bottom of the script :)
Easy :)
Chris
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Shridhar Daithankar | 2004-06-02 14:55:38 | Re: Converting postgresql.conf parameters to kilobytes |
| Previous Message | Tom Lane | 2004-06-02 14:53:47 | Re: Nested transactions and tuple header info |