Tom,
> Probably we should have temp table creation allowed to all by default.
> I'm not convinced that that's a good idea for schema-creation privilege
> though. Related issues: what should initdb set as the permissions for
> template1? Would it make sense for newly created databases to copy
> their permission settings from the template database? (Probably not,
> since the owner is likely to be different.) What about copying those
> per-database config settings Peter just invented?
Yes. I think there should be a not optional INITDB switch: either --secure
or --permissive. People usually know at the time of installation whether
they're building a web server (secure) or a home workstation (permissive).
Depending on the setting, this should set either a grant all or revoke all for
non-db owners as default, including such things as temp table creation.
--
-Josh Berkus
______AGLIO DATABASE SOLUTIONS___________________________ Josh Berkus Complete
informationtechnology josh@agliodbs.com and data management solutions (415) 565-7293 for law firms, small
businesses fax 621-2533 and non-profit organizations. San Francisco