From: | "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com> |
---|---|
To: | William ZHANG <uniware(at)zedware(dot)org> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: CREATE USER and pg_user |
Date: | 2005-08-23 19:27:52 |
Message-ID: | 20050823192752.GO43820@pervasive.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Tue, Aug 23, 2005 at 09:26:07AM +0800, William ZHANG wrote:
> ""Jim Nasby"" <jnasby(at)pervasive(dot)com> write
> > Yes, but it doesn't really specify if you have to have a privilege in
> > order to grant it, although reading one of the notes[1] tends to indicate
> > that you must have a role in order to grant it. Unless I'm overlooking
> > some part of the docs?
>
> I am confused by the combination of USER and ROLE in 8.1 at first glance.
> In my memory, USER is a representation of somebody using the database,
> just as USER in OS. USER can also always login into the system, except
> the Admin prohibit it. ROLE is a collection of some priviledges. A USER
> can act as multiple ROLEs, but in real life, it cannot act as multiple ROLEs
> are the same time. That's why some system define that a USER can only
> act as one ROLE at a moment, but she can change her ROLE with
> "SET SESSION ROLE TO <anotherRole>".
>
> Maybe I will read more about SQL:2003, pgsql-8.1 doc and RBAC
> (Role Based Access Control,
> http://csrc.nist.gov/rbac/rbac-stds-roadmap.html)
> to understand it correctly.
You should take a look at
http://lnk.nu/developer.postgresql.org/3mi.html, both 17.1 and 17.2. In
particular:
"CREATE USER is equivalent to CREATE ROLE except that CREATE USER
assumes LOGIN by default, while CREATE ROLE does not."
--
Jim C. Nasby, Sr. Engineering Consultant jnasby(at)pervasive(dot)com
Pervasive Software http://pervasive.com 512-569-9461
From | Date | Subject | |
---|---|---|---|
Next Message | Jim C. Nasby | 2005-08-23 19:45:46 | Re: Pre-allocated free space for row updating (like PCTFREE) |
Previous Message | Jim C. Nasby | 2005-08-23 19:25:25 | Re: CREATE USER and pg_user |