Re: Default permissisons from schemas

Stephen Frost <sfrost@snowman.net> writes:
>   Following up on my reply to Joshua, what I'd like to propose is, for
>   comments and suggestions:

>   ALTER SCHEMA name [ [ WITH ] [ DEFAULT ] option [ ... ] ]

>   where option can be:

>     { GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRI=
> GGER | EXECUTE }=20
>       [,...] | ALL [ PRIVILEGES ] }=20
>       TO { role | PUBLIC } [, ...] [ WITH GRANT OPTION ]=20
>     } [, ...]

>     OWNER role

This seems to ignore the problem that different types of objects have
different privileges.  E.g., if I want to grant USAGE on all sequences
that doesn't necessarily mean I want to grant USAGE on all languages.

>   When not-null the 'nspdefowner' would be the owner of all
>   objects created in the schema.

Whoa.  You are going to allow people to create objects owned by someone
else?  I don't think so ... most Unix systems have forbidden object
give-away for years, for very good reasons.
        regards, tom lane