On Mon, Jun 29, 2009 at 7:41 PM, Josh Berkus<josh@agliodbs.com> wrote:
> The main reason is existing practice.
I haven't followed the entire conversation so i'm not sure who I'm
going to be disagreeing with or agreeing with here. But I wanted to
mention that existing practice may not be a very useful place to start
here. Whatever mechanism we invent is going to change the calculus of
people deciding how to set up their schemas and roles since they'll
want to arrange things to take advantage of this new mechanism.
In particular, one early question was whether to use wildcard patterns
or schema names. People were saying wildcard patterns would be more
flexible because people don't always set up their objects in different
schemas. But if we had a mechanism someone wanted to use which
depended on schemas they would be far more likely to choose to set up
schemas for objects which belong in different security classes.
--
greg
http://mit.edu/~gsstark/resume.pdf