| From: | Petr Jelinek <pjmodos(at)pjmodos(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Jan Urban'ski <wulczer(at)wulczer(dot)org>, Josh Berkus <josh(at)agliodbs(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH] DefaultACLs |
| Date: | 2009-10-06 13:03:25 |
| Message-ID: | 4ACB401D.1000003@pjmodos.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Petr Jelinek napsal(a):
> Tom Lane napsal(a):
>> Petr Jelinek <pjmodos(at)pjmodos(dot)net> <mailto:pjmodos(at)pjmodos(dot)net> writes:
>>
>>> Tom Lane napsal(a):
>>>
>>>> One thing that seems like it's likely to be an annoyance in practice
>>>> is the need to explicitly do DROP OWNED BY to get rid of pg_default_acl
>>>> entries for a role to be dropped.
>>>>
>>> Yeah I am not happy about this either but there is not much we can do
>>> about it. Btw I think in the version I sent in REASSIGN OWNED acted as
>>> DROP OWNED for default ACLs.
>>>
>> IIRC it just threw a warning, which didn't seem tremendously useful to
>> me.
>>
>
> Oh did it ? Then I must have discarded that idea for some reason. I
> probably didn't want to be too pushy there.
>
Now I remember why - consistency with ACLs on object. REASSIGN OWNED
does not drop any GRANTed ACLs on any object, so it seemed appropriate
to only drop default ACLs in DROP OWNED BY along with ACLs on objects.
--
Regards
Petr Jelinek (PJMODOS)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2009-10-06 13:42:01 | Re: Streaming Replication patch for CommitFest 2009-09 |
| Previous Message | Petr Jelinek | 2009-10-06 12:54:58 | Re: [PATCH] DefaultACLs |