On Fri, Jun 07, 2013 at 02:49:37PM -0400, Tom Lane wrote: > Noah Misch <n...@leadboat.com> writes: > > On Fri, Jun 07, 2013 at 12:26:59PM -0400, Tom Lane wrote: > >> Essentially the argument for allowing this without a permissions check > >> is "I'm not really doing anything to the schema, just preconfiguring the > >> rights that will be attached to a new object if I later (successfully) > >> create one in this schema". > > > Seems fine. I might have instead changed it to a test of the caller's > > permissions. > > I thought a bit about that, but it seems rather unrelated to the > eventual use of the privileges.
Fair enough. > > Roles and their memberships will be dumped in the globals portion of > > pg_dumpall, whereas ALTER DEFAULT PRIVILEGES will be dumped for individual > > databases. How might a restore-order hazard arise? > > The issue is that the A.D.P. must come out after a grant of CREATE > privileges on the schema. Oh, true. The facts I called out there were inapplicable. -- Noah Misch EnterpriseDB http://www.enterprisedb.com -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
