| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Groups and roles |
| Date: | 2003-06-10 19:20:38 |
| Message-ID: | 4120.1055272838@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> Another issue is that users and roles share a namespace. We might have to
> deal with that sometime, but it's not a problem as far as the information
> schema is concerned.
I've been thinking for awhile that the ACL code would be simplified if
userids and groupids shared a numberspace, or whatever you want to call
it (ie, a given ID number cannot belong to both a user and a group).
I think that implementing that would require at least a partial merge
of pg_shadow and pg_group --- unless you want to get into implementing
cross-table unique indexes.
If we agreed that they share a namespace as well, the merge could be
taken further. Perhaps more usefully, the GRANT/REVOKE syntax and the
display format for ACL lists could be simplified, since there'd be no
need for a syntactic marker as to whether a given name is a user or a
group.
Not sure how many people would complain if they couldn't have a user and
a group of the same name.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2003-06-10 19:23:18 | Re: Groups and roles |
| Previous Message | Bruce Momjian | 2003-06-10 19:11:36 | Re: Proposal to Re-Order Postgresql.Conf, part II |