> What this loses is the ability to revoke public SET permissions
> on USERSET GUCs. I claim that that is not so valuable as to
> justify all the complication needed to deal with it.
Agreed, and in line with my thinking from last night. These default public set grants are indeed the complication and I'm good with the status quo where they are non-revocable.
I'm finding it curious that we are choosing to document every (all 6) context that doesn't have this default privilege instead of saying that only the user context variables are granted this default, and now irrevocable, default set privilege. This is in addition to making sure we distinguish between parameter and context in my earlier email.
> Avoiding
> a permissions lookup in the default SET code path seems like
> a pretty important benefit, too. If we force that to happen
> it's going to be a noticeable drag on functions with SET clauses.
>
> The last point is telling, so +1