Re: ACLs versus ALTER OWNER

Dear Tom,

> [...]
> Even more interesting, the superuser can't fix it either,

Due to how ACL are defined in SQL, I restate my suggestion that the super
user should be able to change ANY right, including the GRANTOR field, with
an appropriate syntax, something like:

REVOKE ALL ON TABLE foo FROM GRANTOR [USER] alice;

The super user must really be a *super* user.


> ISTM that reasonable behavior for ALTER OWNER would include doing
> surgery on the object's ACL to replace references to the old owner by
> references to the new owner. [...]

I'm about so submit a fix for "create database" so that ownership and acl
would be fixed wrt to the owner of the database. This patch will include a
function to switch grantor rights that might be of interest for the above
purpose, as it may save you little time.  I'll try to send the patch
submission this week-end.

> I think there are corner cases where the merging might produce
> unintuitive results, but it couldn't be as spectacularly bad as
> doing nothing is.

I agree that these is work to do in the ACL area...

As an additionnal suggestion, I noticed in my tests that nothing is really
tested in the regression tests. It would be useful to have tests cases of
acl with accesses allowed or forbidden, maybe with a systematic and
exhaustive approach... It takes time to do that, but I think it would be
useful so as to measure what is needed.

Have a nice day,

-- 
Fabien Coelho - coelho@cri.ensmp.fr