Skip site navigation (1) Skip section navigation (2)

ALTER USER versus GRANT/REVOKE

From: Christoph Dalitz <christoph(dot)dalitz(at)hs-niederrhein(dot)de>
To: PG Mailing List <pgsql-general(at)postgresql(dot)org>
Subject: ALTER USER versus GRANT/REVOKE
Date: 2002-08-30 08:35:37
Message-ID: 20020830103537.60d5925d.christoph.dalitz@hs-niederrhein.de (view raw or flat)
Thread:
Lists: pgsql-general
Dear PG developers,

beeing used to Oracle, I am a bit confused by PG's SQL support for user rights:
Rather than with "GRANT createdb TO user" user rights are set via "ALTER USER".

Why?

I see the following problems with the current implementation:

a) It is not flexible for future extensions: you always need *two*
   keywords for the ALTER USER statement (CREATETABLE/NOCREATETABLE etc.)
   The User rights are boolean flags in pg_user, this requires changes
   in this table for every little new right (CONNECT, CREATEFUNCTION...).

b) (More important) It does not allow for roles with a user defined
   right profile. Eg. it should be possible for database administrators
   to define a custom group (eg. "developers") with specific rights:

     CREATE GROUP developers;
     GRANT CONNECT, CREATETABLE, CREATEFUNCTION to developers;

Or is there some way to accomplish this with the current implementation?

Christoph Dalitz

pgsql-general by date

Next:From: jeromeDate: 2002-08-30 09:21:55
Subject: postmaster respawn....?
Previous:From: Gary BebermanDate: 2002-08-30 06:44:32
Subject: How to uninstall PostgreSQL on OS X

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group