Josh Berkus <josh@agliodbs.com> writes:
> On 10/3/09 8:09 AM, Kevin Grittner wrote:
>> Robert Haas <robertmhaas@gmail.com> wrote:
> let's let the default, global default ACL contain the hard-wired
> privileges, instead of making them hardwired.
> Wow, that would be great. It would meant that DBAs could change the
> global default permissions.
Committed that way. One possible disadvantage down the road is that
people may now have the "default" privileges instantiated in their
databases, which will pose a hazard if we ever want to change the
default privilege sets. I imagine that we could have pg_upgrade go
through and modify the contents of pg_default_acl if we got in a bind
over this, but it's going to be something to think about.
regards, tom lane