Re: Bogus permissions display in 7.4

Dear Tom,

> 4. I think that the system ACL entry should be "hidden" and not
> displayed by ACL-list printing. I'm not quite sure yet how to make
> that happen.  It would be nicer if the owner ID could be passed to
> recursive_revoke out-of-band, instead of being represented inside the
> ACL list, but I don't see how to do that for all its callers.
>
> Thoughts?

(1) It seems to me that part of the consequence of what the suggest   could be that there would be no such thing as
defaultacl implied   by a null entry in an aclitem. If so, this would be a very good thing.   However, this has
implicationson pg initialization.
 

(2) Although I subscribe your first 3 points, I do not like the   4th point. I don't think it is good practice to hide
anything.  That would make the acl display less understandable, as part   for the reality is not shown. It makes any
externaltool   (pgadmin, advisor, whatever else) to have to know this fact   and possibly handle it as a special case.
 

(3) The standard name for the system grantor is "_SYSTEM". User number   0 does not seem a bad idea, but how would it
interactwith number 1?   How often in the source code will they have to be tested?
 

(4) How can/could a super user add or change these system granted   privileges? Or should it be forbidden even to the
su?

(5) Some thought could be given to the implication about future ROLEs.   I'm interested in roles for my teaching, as
theycould allow   a database owner to manage fully the rights of its database wrt   to other users without needing any
superuser privilege.   Good for students;-)
 

-- 
Fabien Coelho - coelho@cri.ensmp.fr