Skip site navigation (1) Skip section navigation (2)


From: Nabil Sayegh <nsmail(at)sayegh(dot)de>
To: Francisco Reyes <fran(at)reyes(dot)somos(dot)net>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: CUG
Date: 2001-02-03 21:11:12
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-novice
Francisco Reyes wrote:
> I see no problems with that.
> There are several not too difficult ways to implement this, but you need
> to give us more details. I personally don't see the benefit AT ALL on
> using recursion. If someone needs access to different things which
> different groups have access to, then you add that person to the different
> groups which have ther proper rights.

If e.g. I want to restrict access to pictures to groups:

id    | group
1     | guest
2     | guest
3     | guest
4     | family
5     | friend
6     | friend
7     | family
8     | colleague
9     | guest

id       | parent_id
guest    | NULL
friend   | guest
family   | friend
colleague| guest

user_id  | group_id
Stefan   | colleague 
Stefan   | friend
Patrick  | friend
1        | guest
2        | guest
3        | guest
Peter    | family

> Perhaps I don't know enough about what you are trying to do, but recursion
> does not sound like the right thing to use.

It's clear that everybody has the permissions that guests have.
Members of family shall also(automatically) have the permissions
that friends have ...
I want the same group management like under unix.

> > Q: Should I use the built in user/group features ? (If not: What are
> > they there for?)
> To determine who has rights and what type of rights to particular tables.

Okay, then I have to implement it in the app.
> Don't really see why you would need tree structures for an access policy
> type of databases.
> Right now I can not think of many instances where recursion can make your
> life easier in databases.

How shall I know that family may see 'guest-pictures' ?

Without groups in groups its easy to SELECT the pictures somebody has
access to,
but with ?
It isn't convenient having to put every user to all groups he has access
What if later I want to give all colleagues the rights that my
friends have (stupid example, I know ...)

> Again if you give us more info about your goals we may be able to provide
> with better feedback.


 Nabil Sayegh
 GPG-Key available at 
 (see for details)

In response to

  • Re: CUG at 2001-02-03 19:16:35 from Francisco Reyes


pgsql-novice by date

Next:From: Francisco ReyesDate: 2001-02-04 00:13:01
Subject: Re: CUG
Previous:From: Francisco ReyesDate: 2001-02-03 19:16:35
Subject: Re: CUG

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group