Re: TODO item: set proper permissions on non-system schemas
| От | Andrew - Supernews |
|---|---|
| Тема | Re: TODO item: set proper permissions on non-system schemas |
| Дата | |
| Msg-id | slrndhe0hd.1vfu.andrew+nonews@trinity.supernews.net обсуждение исходный текст |
| Ответ на | TODO item: set proper permissions on non-system schemas (Jaime Casanova <systemguards@gmail.com>) |
| Ответы |
Re: TODO item: set proper permissions on non-system schemas
|
| Список | pgsql-hackers |
On 2005-09-01, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Andrew - Supernews <andrew+nonews@supernews.com> writes: >> On 2005-09-01, Tom Lane <tgl@sss.pgh.pa.us> wrote: >>> There's considerable feeling that that TODO item is bogus anyway. > >> The issue that I've seen is that currently, allowing non-superusers to >> create databases in a useful manner requires all sorts of hoop-jumping >> to allow the database owner to end up owning the "public" schema. > > The part of this that hasn't been justified to my satisfaction is *why* > the database owner should own the public schema. He should certainly be able to drop it, in addition to being able to control access to it. > There is some merit in the thought that the DB owner should be able to > grant and revoke access on the public schema, but that no longer > requires ownership, only membership in an appropriate role. How would that work without superuser intervention, given that the ownership of public would be the same in all databases regardless of who created them? >> (Another wart that could do with looking into is that such a non-superuser >> database owner can't prevent xid wrap in his database regardless of how >> often he vacuums it.) > > The DB owner shouldn't really be responsible for vacuuming anyway. Debatable. -- Andrew, Supernews http://www.supernews.com - individual and corporate NNTP services
В списке pgsql-hackers по дате отправления: