Re: Proposal: two new role attributes and/or capabilities?

From: José Luis Tallón <jltallon(at)adv-solutions(dot)net>
To: David G Johnston <david(dot)g(dot)johnston(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Proposal: two new role attributes and/or capabilities?
Date: 2014-12-23 19:00:18
Message-ID: 5499BBC2.9030705@adv-solutions.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 12/23/2014 07:01 PM, David G Johnston wrote:
> [snip]
> So you want to say:
>
> GRANT IMPERSONATE TO bouncer; --covers the "ALL" requirement
>
> instead of
>
> GRANT victim1 TO bouncer;
> GRANT victim2 TO bouncer;
> etc...
>
> -- these would still be used to cover the "limited users" requirement
> ?

|GRANT IMPERSONATE ON actual_role TO login_role|

would actually get us closer to how some other databases do, now
that I think of it. This could be just some syntactic sugar.
Might definitively ease migrations, if nothing else.

I appreciate the feedback. Thanks!

/ J.L.

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Stephen Frost 2014-12-23 19:04:20 Re: Proposal: two new role attributes and/or capabilities?
Previous Message Andreas Karlsson 2014-12-23 18:59:29 Re: Reducing lock strength of adding foreign keys