| From: | Josh Berkus <josh(at)agliodbs(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH] DefaultACLs |
| Date: | 2009-09-28 20:54:05 |
| Message-ID: | 4AC1226D.7030405@agliodbs.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom,
> The owning-ROLE match is required, else you have issues with exactly
> what the ACL really means. What we're discussing is what other filters
> might exist to determine which objects are affected. The patch already
> tries to handle the cases of "all owned objects" and "all owned objects
> in schema X", and I think it's inevitable that people will want other
> cases.
Yeah, I'm thinking we should back off from filters for 8.5; we could do
them for 8.6, maybe. I'm one of the people who prefers a schema-based
system, but I'll do without one if it means we can keep things *simple*
(and get the feature in in 8.5).
I think trying to make this patch a panacea in the first iteration is
liable to backfire. Especially since we're doing GRANT ALL ON at the
same time.
--
Josh Berkus
PostgreSQL Experts Inc.
www.pgexperts.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Devrim GÜNDÜZ | 2009-09-28 21:10:44 | Small patch for README |
| Previous Message | Andrew Dunstan | 2009-09-28 20:47:56 | Re: syslog_line_prefix |