Re: inconsistent owners in newly created databases?

Dear Tom,

> > UPDATE pg_catalog.pg_namespace
> > SET nspowner=datdba, nspacl=NULL -- NULL means default rights...
> > The later is simple and makes sense anyway for a newly created database.
>
> No, I don't think it does.  The DBA presently can set up a site-wide
> policy about use of "public" by altering its permissions in template1.
> For example, he might revoke create access from most users.  People will
> be surprised if that fails to carry over to created databases.

Ok, I understand that.

So that would mean switching all grantors to the owner in the aclitem
array? Maybe some function would be useful for that, so as to stick to
SQL:
 UPDATE pg_namespace SET nspowner = datdba,     nspacl   = aclitems_switch_grantor(nspacl, datdba) FROM ... WHERE ...;

but I'm not sure adding such an horrible "user" function in pg_proc would
be welcome, as aclitem accessors were removed two days ago.

The alternative is to do it in C within the backend, but I would have
liked the plain SQL better. Just a mater of taste, I guess.
Pg backend philosophy: why writing SQL if you can do it in C? ;-)

I'll have a look at it if I have time, maybe over the week-end.
Thanks for your insight.

-- 
Fabien Coelho.