Re: (Default) Group permissions

On 07/01/2013 03:36 AM, Albe Laurenz wrote:
>
> I took a look, but it takes more time than I'm willing to spend
> to actually get to your problem.
>
> Could you outline briefly what the problem is?
>

(I'm going to copy from the README a bit, but I'll try to pare it down)

I want to be able to create a database, set up the (default) group
permissions, and have them work, even when a new user is added to one of
the groups. Right now I don't know of a way to get default group
permissions.

The example I came up with requires two groups, and five users (two in
each group):

The two groups:

* admins

These guys can modify anything on the server, but the objects they
create should not necessarily be shared to others.

* customer-devs

They should be able to access anything in their own databases.

And the users:

* dba1 (admins, customer-devs)

The first system administrator. He can do whatever he wants on the
server, but if he creates an object in one of the customer's
databases, it should be visible to and writable by customer-devs.

* dba2 (admins, customer-devs)

Same as dba1.

* anonymous

The website user that will be used to read (only) data from the
customer's databases.

* alice (customer-devs)

An employee of our customer. Everything she creates in one of the
customer's databases should be writable by bob and vice-versa.

* bob (customer-devs)

Another customer employee. Same as alice.

If I could set up a database with (default) permissions that worked this
way, I'd be happy.

Right now, I can get it working temporarily with a huge mess of scripts,
but if another customer-dev gets added, I have to hop in as the
superuser and run O(n) commands again, where n is either the number of
databases or number of users (depending on which solution you choose).