Re: [PATCH] DefaultACLs

On Mon, Sep 28, 2009 at 10:44 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Robert Haas <robertmhaas@gmail.com> writes:
>> I haven't read the patch, but it seems like one possible solution to
>> this problem would be to declare that any any DEFAULT PRIVILEGES you
>> set are cumulative.  If you configure a global default, a per-schema
>> default, a default for tables whose names begin with the letter q, and
>> a default for tables created between midnight and 4am, then a table
>> called quux created in that schema at 2:30 in the morning will get the
>> union of all four sets of privileges.
>
> Hmm ... interesting proposal.  Simple to understand and simple to
> implement, which are both to the good.  I'm not clear though on whether
> this behavior would be useful in practice.  Any comments from those
> who've been asking for default ACLs?
>
> One potential trouble spot is that presumably the built-in default
> privileges (eg, PUBLIC EXECUTE for functions) would *not* cumulate
> with user-specified defaults.

Why not?

...Robert