Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken

On Fri, Jun 07, 2013 at 02:49:37PM -0400, Tom Lane wrote:
> Noah Misch <noah@leadboat.com> writes:
> > On Fri, Jun 07, 2013 at 12:26:59PM -0400, Tom Lane wrote:
> >> Essentially the argument for allowing this without a permissions check
> >> is "I'm not really doing anything to the schema, just preconfiguring the
> >> rights that will be attached to a new object if I later (successfully)
> >> create one in this schema".
> 
> > Seems fine.  I might have instead changed it to a test of the caller's
> > permissions.
> 
> I thought a bit about that, but it seems rather unrelated to the
> eventual use of the privileges.

Fair enough.

> > Roles and their memberships will be dumped in the globals portion of
> > pg_dumpall, whereas ALTER DEFAULT PRIVILEGES will be dumped for individual
> > databases.  How might a restore-order hazard arise?
> 
> The issue is that the A.D.P. must come out after a grant of CREATE
> privileges on the schema.

Oh, true.  The facts I called out there were inapplicable.

-- 
Noah Misch
EnterpriseDB                                 http://www.enterprisedb.com