Re: Groups and roles

Just interesting if we could inplement some kind of RBAC
(role based access control). Here is the reference:
http://csrc.nist.gov/rbac/

We've used a lot simple (flat) RBAC built on top of postgresql, but
would like to see more powerful (with roles hierarchy) rbac built-in.

Oleg
On Sat, 7 Jun 2003, Tom Lane wrote:

> Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> > ... Therefore I ask whether everyone agrees
> > that groups and roles are basically equivalent concepts (and perhaps that
> > we might in the future strive to make groups more compatible with the
> > roles as defined in the SQL standard). Or does anyone see that roles
> > might be implemented separately from groups sometime?
>
> Just reading section 4.31.3 of the SQL99 draft, it seems that roles are
> pretty much interchangeable with groups, except that a role can be a
> member of another role while we don't presently allow groups to be
> members of other groups.
>
> So it seems that your question breaks down to:
>
> 1. Do we want to someday allow groups to have groups as members? (Seems
> reasonable to me.)
>
> 2. Are there any other differences between groups and roles? (I'm not
> sure about this one.)
>
> regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
> (send "unregister YourEmailAddressHere" to majordomo(at)postgresql(dot)org)
>

Regards,
Oleg
_____________________________________________________________
Oleg Bartunov, sci.researcher, hostmaster of AstroNet,
Sternberg Astronomical Institute, Moscow University (Russia)
Internet: oleg(at)sai(dot)msu(dot)su, http://www.sai.msu.su/~megera/
phone: +007(095)939-16-83, +007(095)939-23-83