| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | José Luis Tallón <jltallon(at)adv-solutions(dot)net> |
| Cc: | David G Johnston <david(dot)g(dot)johnston(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Proposal: two new role attributes and/or capabilities? |
| Date: | 2014-12-23 19:05:14 |
| Message-ID: | 20141223190514.GO3062@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* José Luis Tallón (jltallon(at)adv-solutions(dot)net) wrote:
> On 12/23/2014 07:01 PM, David G Johnston wrote:
> >[snip]
> >So you want to say:
> >
> >GRANT IMPERSONATE TO bouncer; --covers the "ALL" requirement
> >
> >instead of
> >
> >GRANT victim1 TO bouncer;
> >GRANT victim2 TO bouncer;
> >etc...
> >
> >-- these would still be used to cover the "limited users" requirement
> >?
>
> |GRANT IMPERSONATE ON actual_role TO login_role|
>
> would actually get us closer to how some other databases do, now
> that I think of it. This could be just some syntactic sugar.
> Might definitively ease migrations, if nothing else.
Uh, how is this different from GRANT actual_role TO login_role, with use
of noinherit..?
THanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2014-12-23 19:11:08 | Re: Wait free LW_SHARED acquisition - v0.10 |
| Previous Message | Stephen Frost | 2014-12-23 19:04:20 | Re: Proposal: two new role attributes and/or capabilities? |