Re: Schedule for 8.1 feature freeze

* Bruce Momjian (pgman(at)candle(dot)pha(dot)pa(dot)us) wrote:
> We have addressed all the open issues for 8.1 except for auto-vacuum,
> which Alvaro is working on, so I think we are ready for a feature freeze
> on July 1.

Bruce,

I'd really like to see role support added into 8.1. I've sent Alvaro
and Tom versions of the patch in the past and I was planning on
submitting it to -patches soon. There's a few remaining issue but I
don't think they'll take very long to clean up; I've just been
unfortunately pretty busy lately. I'm hopeful that I'll be able to
spend some time on it this week and next week to hopefully address at
least the remaining issues on my list.

Lookups need to do multi-level role resolution (for owner and other
ACL areas)
(Not very hard, and mostly isolated to the acl code)
Need to implement per-backend role-member cacheing
(Not very hard, basically same kind of way pg_namespace does
schema_path)
Support 'grant <role> to <role>'
(Shouldn't be too difficult, mainly just parser work)
Support 'with admin option'
(Somewhat difficult, but not necessary for the same functionality we
have today)
Support 'granted by'
(Not very hard, just parser work really)
Fix other parsers (ecpg, etc) based on updates to backend/parser.
(Worked on this some already, should be done real soon now)
Distinguish 'create role' permissions from 'superuser'?
(Not sure if this makes sense)

Modify \du, \dg to use new tables
(They work already using the backwards-compat views, just would be
nice to update them to the new schema).
? Add \dr, \dm
(Should be easy and would be nice I think, though perhaps not
required)

Add documentation for CREATE ROLE/etc
Document new system catalogs (pg_authid, pg_auth_members)
(Documentation updates)

There are views for pg_shadow/pg_group and things seem to be happy
with them. CREATE USER/CREATE GROUP work more-or-less as expected.
An interesting side-effect is that if you do 'create group' and then
look in the 'group' table you don't see the group till you actually
put users in it. Not entirely sure if anything actually depends on
that (You can, after all, still grant rights to the role which was
created by CREATE GROUP, and do ALTER GROUP on it, etc).

Thanks,

Stephen