Re: [PATCH] DefaultACLs

Tom Lane napsal(a): <blockquote cite="mid:9440.1254236736@sss.pgh.pa.us" type="cite"><pre wrap="">Petr Jelinek <a
class="moz-txt-link-rfc2396E"href="mailto:pjmodos@pjmodos.net"><pjmodos@pjmodos.net></a> writes:
</pre><blockquotetype="cite"><pre wrap="">That's how it works now actually, the problem is that when you grant 
 
something in the chain you can't revoke it anywhere else in the chain 
when you are merging privileges as you proposed.   </pre></blockquote><pre wrap="">
To allow that, you have to have some notion of a priority order among
the available defaults, so that you can sensibly say that A should
override B.  Which is easy as long as they've got hierarchical scopes,
but that doesn't seem like a restriction that will hold good for future
extensions. </pre></blockquote><br /> I am aware, I knew all that has been said so far at the time I sent in the patch
actually.That's why I am very skeptical about having those future non-hierarchical filters, I just don't see a way to
makeit happen.<br /> Also when you go to some insane complexity of default privileges that don't respect your database
structurethen you either want to handle it programatically as Josh said or you want to create new subroles what have
createsomething privilege and different default privileges instead of hoping that the database will somehow magically
dothe right thing about default acls conflicts.<br /><br /><pre class="moz-signature" cols="72">-- 
 
Regards
Petr Jelinek (PJMODOS)</pre>