Skip site navigation (1) Skip section navigation (2)

Re: [PATCHES] Users/Groups -> Roles

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr>,PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [PATCHES] Users/Groups -> Roles
Date: 2005-06-30 15:49:59
Message-ID: 20050630154958.GH24207@ns.snowman.net (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > That's controlled by pg_hba.conf though, isn't it?  The idea being that
> > you'd like to give some people the ability to create users/roles, but to
> > limit the databases those created users/roles could connect to by, say,
> > requiring they have 'usage' or 'connect' permissions to that database,
> > which could be set by the database owner; without the database owner
> > having write permissions to the pg_hba.conf.
> 
> You can do that today by putting a group name in pg_hba.conf.  Roles
> will make it more flexible; I don't see that we need anything more.
> 
> For instance, if pg_hba.conf says "samegroup" then you could manage
> everything by associating a group with each database.

Ahh, ok, good point.  Sorry, I'd forgotten about that flexibility of
pg_hba.conf.  Well, hopefully this will make some ISPs happy then. :)

	Thanks,

		Stephen

In response to

pgsql-hackers by date

Next:From: Michael GlaesemannDate: 2005-06-30 16:01:27
Subject: Re: Moving sequences to another schema
Previous:From: Tom LaneDate: 2005-06-30 15:48:07
Subject: Re: [PATCHES] Users/Groups -> Roles

pgsql-patches by date

Next:From: Simon RiggsDate: 2005-06-30 21:16:11
Subject: Re: Constraint Exclusion (Partitioning) - Initial Review
Previous:From: Tom LaneDate: 2005-06-30 15:48:07
Subject: Re: [PATCHES] Users/Groups -> Roles

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group