| From: | Tony Cebzanov <tonyceb(at)andrew(dot)cmu(dot)edu> |
|---|---|
| To: | Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> |
| Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Advice needed on application/database authentication/authorization/auditing model |
| Date: | 2010-10-26 20:30:10 |
| Message-ID: | 4CC73A52.1010108@andrew.cmu.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 10/23/10 11:01 AM, Craig Ringer wrote:
> Yep. As for not explicitly mentioning "lower" roles when granting a
> higher role (ie "admin" isn't also a "user") - role inheritance.
I knew about role inheritance, I just didn't know about the
pg_has_role() function for determining if a user has a role. That's
helpful, but I really don't want to be hitting the database with a
pg_has_role() call for every time I want to check if a user should have
access to a certain page or function in my application.
Normally, when the user logs in, I'd cache their user info, and any
roles they have, either directly or indirectly. But how can I do this
if I'm not directly making administrators members of the other groups
they inherit the rights of? In other words, is there a convenience
function or view I can use to get a list of all roles the user has
access to, both directly or indirectly?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dmitriy Igrishin | 2010-10-26 20:49:10 | Re: Advice needed on application/database authentication/authorization/auditing model |
| Previous Message | Diego Schulz | 2010-10-26 20:30:08 | Re: Why Select Count(*) from table - took over 20 minutes? |