Skip site navigation (1) Skip section navigation (2)

Re: Proposed Patchs

From: "Thomas Sondag" <thomas(dot)sondag(at)gmail(dot)com>
To: "Dave Page" <dpage(at)vale-housing(dot)co(dot)uk>
Cc: pgadmin-support(at)postgresql(dot)org
Subject: Re: Proposed Patchs
Date: 2006-05-29 09:01:58
Message-ID: 2354aa530605290201s399d3555t4db5cd2c36c4d88f@mail.gmail.com (view raw or flat)
Thread:
Lists: pgadmin-support
2006/5/24, Dave Page <dpage(at)vale-housing(dot)co(dot)uk>:
>
>
> > -----Original Message-----
> > From: pgadmin-support-owner(at)postgresql(dot)org
> > [mailto:pgadmin-support-owner(at)postgresql(dot)org] On Behalf Of
> > Thomas Sondag
> > Sent: 24 May 2006 17:28
> > To: pgadmin-support(at)postgresql(dot)org
> > Subject: [pgadmin-support] Proposed Patchs
> >
> > Hi,
> >
> > With PostgreSQL 8.1 and new ROLE object remplacing traditional
> > USER/GROUP, I was a bit confuse using the dlgProperty and
> > dlgSecurityProperty dialog because I can only select USER (ROLE with
> > LOGIN privilege) for owner and GROUP (ROLE without LOGIN privilege)
> > for privileges .
> > And I not sure this comportment can match all PostgreSQL 8.1 usages
> > scenarios (like one of my case).
> >
> > This proposed patch :
> >  - change owner and privilege list to get the full ROLE list.
>
> How is this different from the current behaviour if the Show Users for
> Privileges option is turned on? The whole point there is to promote the
> use of group based permissions rather than user based for both
> simplicity (because the list only shows the groups), and for cleanliness
> of design (users come and go, groups tend to be more permanent). In 8.1+
> of course, we simply replace users and groups with roles with or without
> the login flag.
>
Hum, I miss this option ... sorry, but the main difference with the
current behaviour is for object owning. The main idea was to set
object owner to a group like that :
database foo -> group foo
  schema bar -> group bar
  schema bar read user -> user toto

I don't know if that's a good policy, but this case may exist, we may
add an option like "Show Group for object owning" ?

This is not the appropriate list to talk about that, but I'm realy
interested in a good practice guide for privilege and owning
management for PostgreSQL, like create an admin account without
superuser right, use samerole in pg_hba.conf and so on ...

> >  - select by default currently connected ROLE in the owner list
> > (replacing the blank filed) for new object creation
>
> OK.
>
The last bug I have is for database creation, I don't know how to get
the current login.

> >  - remove pg_global in the available tablespace list
>
> Probably a good idea, yes.
>
> >  - select current user default tablespace in tablespace list
> > (replacing the blank filed, yes I don't like blank field) for new
> > object creation
>
> OK.
>
> Regards, Dave.
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: Have you checked our extensive FAQ?
>
>                http://www.postgresql.org/docs/faq
>
  Thomas

In response to

pgadmin-support by date

Next:From: Dave PageDate: 2006-05-29 19:22:10
Subject: Re: Proposed Patchs
Previous:From: plaschkeDate: 2006-05-29 07:29:05
Subject: pgadmin does not display null in boolean field

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group