Re: ALTER ... OWNER TO ... vs. ALTER DEFAULT PRIVILEGES

On Sat, Oct 31, 2015 at 10:42 AM, David Fetter <david(at)fetter(dot)org> wrote:
> On Sat, Oct 31, 2015 at 12:16:31AM +0100, Robert Haas wrote:
>> On Thu, Oct 29, 2015 at 10:31 PM, David Fetter <david(at)fetter(dot)org> wrote:
>> > Had this been part of the original ALTER DEFAULT PRIVILEGES patch,
>> > those privileges would simply have been applied. Since it wasn't, I'm
>> > ass-u-me'ing that changing the default behavior to that is going to
>> > cause (possibly legitimate) anxiety.
>>
>> The word "applied" is not very clear here. You want to revoke all
>> existing privileges and then regrant whatever the default privileges
>> would have been given the new owner? That might be a reasonable thing
>> to have a command for, but doing it automatically on an owner change
>> does not sound like a good idea. That could be very surprising
>> behavior.
>
> OK, so I think there are operationally useful use cases for
> mix'n'match of the following:
>
> - Clear all existing DEFAULT PRIVILEGES
> - Preserve DEFAULT PRIVILEGES from the previous owner
> - Apply DEFAULT PRIVILEGES for the new owner

I don't believe the privilege grant records in any way whether it came
about because of DEFAULT PRIVILEGES or for some other reason.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company