| From: | Josh Berkus <josh(at)agliodbs(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH] DefaultACLs |
| Date: | 2009-09-28 20:23:12 |
| Message-ID: | 4AC11B30.9020408@agliodbs.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom,
>> I thought the idea was to simply avoid that situation. Maybe we want to
>> forget about global defaults if that's the case, and just do the ROLE
>> defaults.
>
> That seems like a pretty dead-end design.
Well, the whole purpose for DefaultACLs is to simplify administration
for the simplest use cases. If we add a large host of conflicting
options, we haven't simplified stuff very much.
> I already mentioned one case that there's longstanding demand for, which
> is to instantiate the correct permissions on new partition child tables.
Wouldn't that be handled by inheritance?
> But more generally, this is a fairly large and complicated patch in
> comparison to the reward, if the intention is that it will never support
> anything more than the one case of "IN SCHEMA foo" filtering.
I thought we were doing ROLEs?
--
Josh Berkus
PostgreSQL Experts Inc.
www.pgexperts.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2009-09-28 20:27:23 | Re: [PATCH] DefaultACLs |
| Previous Message | Tom Lane | 2009-09-28 20:07:03 | Re: syslog_line_prefix |