Skip site navigation (1) Skip section navigation (2)

Re: CUG

From: Nabil Sayegh <nsmail(at)sayegh(dot)de>
To: Francisco Reyes <fran(at)reyes(dot)somos(dot)net>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: CUG
Date: 2001-02-03 21:11:12
Message-ID: 3A7C73F0.4BB0ACA5@sayegh.de (view raw or flat)
Thread:
Lists: pgsql-novice
Francisco Reyes wrote:
> I see no problems with that.
> There are several not too difficult ways to implement this, but you need
> to give us more details. I personally don't see the benefit AT ALL on
> using recursion. If someone needs access to different things which
> different groups have access to, then you add that person to the different
> groups which have ther proper rights.

If e.g. I want to restrict access to pictures to groups:

pics:
id    | group
-------------
1     | guest
2     | guest
3     | guest
4     | family
5     | friend
6     | friend
7     | family
8     | colleague
9     | guest

groups:
id       | parent_id
--------------------
guest    | NULL
friend   | guest
family   | friend
colleague| guest

assigned_groups:
user_id  | group_id
---------------------
Stefan   | colleague 
Stefan   | friend
Patrick  | friend
1        | guest
2        | guest
3        | guest
Peter    | family

> Perhaps I don't know enough about what you are trying to do, but recursion
> does not sound like the right thing to use.

It's clear that everybody has the permissions that guests have.
Members of family shall also(automatically) have the permissions
that friends have ...
I want the same group management like under unix.

> > Q: Should I use the built in user/group features ? (If not: What are
> > they there for?)
> To determine who has rights and what type of rights to particular tables.

Okay, then I have to implement it in the app.
 
> Don't really see why you would need tree structures for an access policy
> type of databases.
> Right now I can not think of many instances where recursion can make your
> life easier in databases.

How shall I know that family may see 'guest-pictures' ?

Without groups in groups its easy to SELECT the pictures somebody has
access to,
but with ?
It isn't convenient having to put every user to all groups he has access
to.
What if later I want to give all colleagues the rights that my
friends have (stupid example, I know ...)

> Again if you give us more info about your goals we may be able to provide
> with better feedback.

thx

-- 
 Nabil Sayegh
 GPG-Key available at http://www.sayegh.de 
 (see http://www.gnupg.org for details)

In response to

  • Re: CUG at 2001-02-03 19:16:35 from Francisco Reyes

Responses

pgsql-novice by date

Next:From: Francisco ReyesDate: 2001-02-04 00:13:01
Subject: Re: CUG
Previous:From: Francisco ReyesDate: 2001-02-03 19:16:35
Subject: Re: CUG

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group