Re: type privileges and default privileges

On Thu, Nov 10, 2011 at 10:52 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
>> Stephen Frost <sfrost(at)snowman(dot)net> writes:
>> > A LOT of catalog bulk..?  Am I missing something here?
>>
>> What I'm missing is what actual benefit we get from spending the extra
>> space.  (No, I don't believe that changing the defaults is something
>> that users commonly will or should do; it's certainly not the case to
>> optimize for.)
>
> Typical database *users*?  No.  A DBA or SA?  Certainly, and we already
> provide a way to do that, in part.  Supporting it for the 'default
> defaults' would be nice as would support for default privileges for
> schemas (rather than just objects that go *in* schemas).
>
> Certainly a big one that people get caught by is our default of execute
> to public on functions..  Most of our privileges are set up as minimal
> access to others, functions are an oddity in that regard.  Rather than
> fight the battle of what the default *should* be for functions, we could
> just give the DBA the ability to configure it for their database.

Sure, let's do. But that hardly means that we need to store useless
catalog records in every database with the DBA doesn't do that.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company