Re: ACLs versus ALTER OWNER

Christopher Kings-Lynne <chriskl@familyhealth.com.au> writes:
>> The problem here is not with pg_dump; the problem is that dropping
>> privileges doesn't cascade to dropping objects that are dependent on
>> those privileges.  AFAICS the SQL spec requires us to be able to do
>> the latter. 

> The spec really requires that??  So basically we have RESTRICT and 
> CASCADE on REVOKE?

Well, the spec doesn't have create permissions per se, but they do have
a "usage" right on domains, and they specify that revoking that results
in dropping objects:
        7) For every abandoned domain descriptor DO, let S1.DN be the           <domain name> of DO. The following
<dropdomain statement> is           effectively executed without further Access Rule checking:
 
             DROP DOMAIN S1.DN CASCADE

Similarly, revoking access to tables etc. results in physical changes to
views that reference those tables.  So I think the idea is pretty clear.
        regards, tom lane