Stephen Frost <sfrost@snowman.net> writes:
> iirc, the suggestion was to exclude the non-SQL-spec things from 'GRANT
> ALL' to avoid just that issue. Having to grant TRUNCATE and/or DDL
> operation permissions explicitly would be reasonable. This might create
> a disconnect with what 'revoke all' does, since that should really
> remove all of the perms, but I feel that's reasonable. A 'Default
> secure' approach.

More like "default impossibly confusing" :-(. "GRANT ALL" doesn't mean
grant all privileges? How the heck are you going to explain/justify
that to a newbie?

regards, tom lane