Re: Bogus permissions display in 7.4

Dear Tom,

> 4. I think that the system ACL entry should be "hidden" and not
> displayed by ACL-list printing. I'm not quite sure yet how to make
> that happen. It would be nicer if the owner ID could be passed to
> recursive_revoke out-of-band, instead of being represented inside the
> ACL list, but I don't see how to do that for all its callers.
>
> Thoughts?

(1) It seems to me that part of the consequence of what the suggest
could be that there would be no such thing as default acl implied
by a null entry in an aclitem. If so, this would be a very good thing.
However, this has implications on pg initialization.

(2) Although I subscribe your first 3 points, I do not like the
4th point. I don't think it is good practice to hide anything.
That would make the acl display less understandable, as part
for the reality is not shown. It makes any external tool
(pgadmin, advisor, whatever else) to have to know this fact
and possibly handle it as a special case.

(3) The standard name for the system grantor is "_SYSTEM". User number
0 does not seem a bad idea, but how would it interact with number 1?
How often in the source code will they have to be tested?

(4) How can/could a super user add or change these system granted
privileges? Or should it be forbidden even to the su?

(5) Some thought could be given to the implication about future ROLEs.
I'm interested in roles for my teaching, as they could allow
a database owner to manage fully the rights of its database wrt
to other users without needing any super user privilege.
Good for students;-)

--
Fabien Coelho - coelho(at)cri(dot)ensmp(dot)fr