| From: | Josh Berkus <josh(at)agliodbs(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken |
| Date: | 2013-04-30 00:26:13 |
| Message-ID: | 517F0FA5.2080704@agliodbs.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> Hm. I defended that restriction earlier, but it now occurs to me to
> wonder if it doesn't create a dump/reload sequencing hazard. I don't
> recall that pg_dump is aware of any particular constraints on the order
> in which it dumps privilege-grant commands. If it gets this right,
> that's mostly luck, I suspect.
For that matter, it raises a serious practical obstacle to implementing
schema-specific default privs by script, if you have to first check
whether the user in question has create privs ... something we don't
make it at all easy to do.
For 9.4, I'm going to argue that the ALTER DEFAULT PRIVs feature has
completely failed in its goal to make database permissions easier to
manage. Expect more detail on that after beta.
--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Любен Каравелов | 2013-04-30 00:33:45 | Re: Graph datatype addition |
| Previous Message | Tom Lane | 2013-04-29 23:58:23 | Re: The missing pg_get_*def functions |