On 2009-12-04, Andrew Gierth <andrew@xxxxxxxxxxxxxxxxxxxx> wrote: >>>>>> "Tom" == Tom Lane <tgl@xxxxxxxxxxxxx> writes: > > > Andrew Dunstan <andrew@xxxxxxxxxxxx> writes: > >> Before we go too far with this, I'd like to know how we will handle the > >> problems outlined here: > >> <http://archives.postgresql.org/pgsql-hackers/2008-02/msg00916.php> > > Tom> Hm, I think that's only a problem if we define it to be a > Tom> problem, and I'm not sure it's necessary to do so. Currently, > Tom> access to PL languages is controlled by superusers. You are > Tom> suggesting that if plpgsql is installed by default, then access > Tom> to it should be controlled by non-superuser DB owners instead. > > Currently, a non-superuser db owner can install plpgsql, and having > installed it, can DROP it or grant/revoke access to it: > > test=> create language plpgsql; > CREATE LANGUAGE > test=> revoke usage on language plpgsql from public; > REVOKE > test=> drop language plpgsql; > DROP LANGUAGE > > The complaint is that if plpgsql is installed by default, then it will > be owned by postgres rather than by the db owner, who will then not be > able to drop it or use grant/revoke on it. The same problem is had with schema public... -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
