Gunnar Rnning wrote:
> * Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> | Jean-Francois Leveque writes:
> | > Comming from Oracle, I was disapointed that
> | > the users were not "per individual database".
> | > Is there any chance that this will change in
> | > the future ?
> | Most likely not. For one thing, it would be a problem to assign
> | databases.
Why can't database owners be referenced in one table
and database users (not owners) be referenced in
another table with the corresponding database
They're not the same kind of users, are they ?
Maybe I used Oracle too much in the past.
> Why ? Better user management and policy delegations would be
> postgresql to succeed in enterprise environments. Maybe one should
> start distinguishing logins from users like Sybase does. Logins are
> to all databases, and you can create a user for a given database and
> it to a login. It would also be nice to be able to assign users to
> groups(which in turn define access rights within the database).
I created database user groups and I'm satisfied
about users assignment to groups (See CREATE GROUP
and ALTER GROUP).
Regarding Privileges, I was thinking about
the content of \z "Access permissions for database"
results. We have a lot of "=arwR" for the object
owner when we granted permissions to others. The
owner obviously has all rights on his objects and
I see no reason to revoke those rights. So, I think
they don't have to be stored in access permissions
if the PostgreSQL code can check if it's the owner
asking. We wouldn't then need the '"="' anymore for
not granting anything to PUBLIC.
We then wouldn't need to have :
"REVOKE ALL on <object> from PUBLIC;"
"GRANT ALL on <object> to <owner>;"
in pg_dump output.
I'm not able to help on this because I'm no
pgsql-hacker, but I think PostgreSQL will be
better with such alteration.
Maybe it's already on someone's list but I
couldn't find information about such work in progress.
Maybe those two changes are too much for 7.1.3,
but I think they would be good candidates for 8.0 .
Please tell me if I'm pushing too far, I'm not much
used to this list etiquette.
PostgreSQL is good, I just want it to be better.
Sur WebMailS.com, mon adresse de courrier lectronique gratuite.
Service multilingue, sr, et permanent. http://www.webmails.com/
pgsql-hackers by date
|Next:||From: Peter Eisentraut||Date: 2001-07-06 17:53:14|
|Subject: Re: Problem with authentication in psql.|
|Previous:||From: Richard Huxton||Date: 2001-07-06 16:42:23|
|Subject: Re: Vacuum and Transactions|