| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | "Clark C(dot) Evans" <cce(at)clarkevans(dot)com> |
| Cc: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, PostgreSQL-Dev <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: GRANT role_name TO role_name ON database_name |
| Date: | 2013-06-03 13:14:24 |
| Message-ID: | 20130603131424.GD5871@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Clark C. Evans (cce(at)clarkevans(dot)com) wrote:
> Yes, if we had per-database roles, it would work. However, I don't
> think it's necessary. We've already got role permissions specific to
> a database; so we're most of the way there.
PG has two sets of catalogs, per-databases ones and 'shared' ones.
There are role permissions in both (pg_database being one of the more
obvious 'shared' cases).
> The main piece missing
> is a way for me to assign a role to a user, but only for a specific
> database. Let me rephrase this, using a different syntax...
I'm pretty sure that I understand what you're getting at here, but I
think the direction we'd really like to go in is to have per-database
roles. There are a lot of additional advantages that would provide
along with covering your use-case. Inventing new syntax and having to
add new catalog tables without actually getting the per-DB role system
that has long been asked for seems like the wrong approach to me.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kevin Grittner | 2013-06-03 13:34:58 | Re: Vacuum, Freeze and Analyze: the big picture |
| Previous Message | Stephen Frost | 2013-06-03 12:59:44 | Re: Running pgindent |