| From: | Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> |
|---|---|
| To: | "Davor J(dot)" <DavorJ(at)live(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Extending postgres objects with attributes |
| Date: | 2010-07-05 01:29:37 |
| Message-ID: | 4C313581.2060506@postnewspapers.com.au |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 04/07/10 21:43, Davor J. wrote:
> PS using inheritance in this scenario is problematic.
Yep. Just one issue is that roles are cluster-wide, whereas tables are
visible only inside a single database.
I generally use the role mechanism as-is, granting users access to roles
that control particular privileges. Especially now that Pg has column
privileges I rarely even need to use triggers to check for role
membership - the standard permissions model is increasingly sufficient.
If it's not for you, you could always maintain a table of additional
privilege information that new roles with default privileges are added
to when a priv check function first "sees" them. With a (say) daily pass
to remove entries associated with roles that no longer exist, that
should be fine. It's not as nice as using a proper inheritance/extension
mechanism, but it leaves you a lot safer from changes caused by
PostgreSQL upgrades.
--
Craig Ringer
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Srikanth Kata | 2010-07-05 07:16:32 | Unable to run this query |
| Previous Message | Ricardo Ramírez | 2010-07-05 01:29:25 | Re: How to know if an INSERT is done inside a function? |