Re: Schema (namespace) privilege details

On Fri, 2002-04-19 at 01:10, Tom Lane wrote:
> Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
>
> >> Another thing that would be needed to prevent users from creating new
> >> tables is to prevent them from creating schemas for themselves. I am not
> >> sure how to handle that --- should the right to create schemas be treated
> >> as a user property (a column of pg_shadow), or should it be attached
> >> somehow to the database (and if the latter, how)?
>
> > An aclitem[] column on pg_database seems like the most flexible solution
> > to me.
>
> Yeah, I was afraid you would say that ;-). I'd prefer to avoid it
> because I think we'd need to have a TOAST table for pg_database then.
> And I'm not at all sure how to setup a shared toast table. Can we get
> away with constraining pg_database rows to 8K if they contain ACL lists?
> (We might get some benefit from compression of the ACL list, but
> probably not a heck of a lot.)

Creating schemas is not the kind of thing people do very frequently.
Why not simply normalise the relationship into another table? the extra
expense of the lookup would be insignificant in the total context of
schema creation.

--
Oliver Elphick Oliver(dot)Elphick(at)lfix(dot)co(dot)uk
Isle of Wight http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C

"For I am persuaded, that neither death, nor life, nor
angels, nor principalities, nor powers, nor things
present, nor things to come, nor height, nor depth,
nor any other creature, shall be able to separate us
from the love of God, which is in Christ Jesus our
Lord." Romans 8:38,39