Bruno Wolff III <bruno@wolff.to> writes:
> There isn't much. "domain" is only referred to in the compatibility section.
> It says "usage" is the standard keyword used for granting permission
> to use domains.
Oh, duh. I read your question as asking about schemas, not domains.
Sorry.
Domains are types and there are no access permissions for types (except
for the rather indirect approach of disallowing USAGE on the schema
containing the type name, which will not help you to revoke existing
usages of a type...). It seems to me that access permissions for the
associated functions are equivalent if not superior. What would it mean
to, say, revoke usage permission on a type? If someone else already has
a table that has a column of that type, what happens? What about
functions or domains that reference the type?
> Its not a big deal keeping domains secret. But if anyone can reference your
> domain, it looks like they can keep you from dropping it.
We have DROP CASCADE now, and assuming that Chris gets DROP COLUMN done,
this is not an issue. I suspect that the above complaint is a red
herring anyway; the average user is probably going to be much more
unhappy about the reverse direction of denial of service, namely
"I'll lose my data if the type owner drops the type of my column!!
How can I prevent him from doing that?"
> There can be a similar problem if you temporarily grant someone references
> to a table to do something and they either create other references you
> don't want or they refuse to drop the reference later to allow you to
> drop the table.
You can drop the table whether they want you to or not; the foreign key
constraint goes away by CASCADE.
regards, tom lane