Re: [PATCH] DefaultACLs

Robert Haas napsal(a): <blockquote cite="mid:603c8f070909290640h4384e645r4a299dbd7f6dddbd@mail.gmail.com"
type="cite"><prewrap="">On Mon, Sep 28, 2009 at 11:47 PM, Stephen Frost <a class="moz-txt-link-rfc2396E"
href="mailto:sfrost@snowman.net"><sfrost@snowman.net></a>wrote: </pre><blockquote type="cite"><pre wrap="">*
RobertHaas (<a class="moz-txt-link-abbreviated" href="mailto:robertmhaas@gmail.com">robertmhaas@gmail.com</a>) wrote:
</pre><blockquotetype="cite"><blockquote type="cite"><pre wrap="">One potential trouble spot is that presumably the
built-indefault
 
privileges (eg, PUBLIC EXECUTE for functions) would *not* cumulate
with user-specified defaults.       </pre></blockquote><pre wrap="">Why not?     </pre></blockquote><pre wrap="">How
wouldyou have a default that says "I *don't* want public execute on
 
my new functions"?   </pre></blockquote><pre wrap="">
Hmm...

Maybe instead of having built-in default privileges, we could view
each user as having their global default ACL pre-initialized to that
same set of privileges (of course we needn't store it unless and until
they modify it).  Then they could add to those or take away from them,
plus add additional privileges at other levels. </pre></blockquote><br /> That's how it works now actually, the problem
isthat when you grant something in the chain you can't revoke it anywhere else in the chain when you are merging
privilegesas you proposed.<br /><br /><pre class="moz-signature" cols="72">-- 
 
Regards
Petr Jelinek (PJMODOS)</pre>