Tom,
> The owning-ROLE match is required, else you have issues with exactly
> what the ACL really means. What we're discussing is what other filters
> might exist to determine which objects are affected. The patch already
> tries to handle the cases of "all owned objects" and "all owned objects
> in schema X", and I think it's inevitable that people will want other
> cases.
Yeah, I'm thinking we should back off from filters for 8.5; we could do
them for 8.6, maybe. I'm one of the people who prefers a schema-based
system, but I'll do without one if it means we can keep things *simple*
(and get the feature in in 8.5).
I think trying to make this patch a panacea in the first iteration is
liable to backfire. Especially since we're doing GRANT ALL ON at the
same time.
--
Josh Berkus
PostgreSQL Experts Inc.
www.pgexperts.com