Re: Additional role attributes && superuser review

On 05/08/2015 07:35 AM, Stephen Frost wrote:
> Gavin,
>
> * Gavin Flower (GavinFlower(at)archidevsys(dot)co(dot)nz) wrote:
>> What if I had a company with several subsidiaries using the same
>> database, and want to prefix roles and other things with the
>> subsidiary's initials? (I am not saying this would be a good
>> architecture!!!)
>
> If you admit that it's not a good solution then I'm not quite sure how
> much we really want to worry about it. :)
>
>> For example if one subsidiary was called 'Perfect Gentleman', so I
>> would want roles prefixed by 'pg_' and would be annoyed if I
>> couldn't!
>
> You might try creating a schema for that user.. You'll hopefully find
> it difficult to do. :)
>
> In consideration of the fact that you can't create schemas which start
> with "pg_" and therefore the default search_path wouldn't work for that
> user, and that we also reserve "pg_" for tablespaces, I'm not inclined
> to worry too much about this case. Further, if we accept this argument,
> then we simply can't ever provide additional default or system roles,
> ever. That'd be a pretty narrow corner to have painted ourselves into.

Well, you could still provide them through some other mechanism, like
require typing "SYSTEM ROLE pg_backup" any time you mean that magic
role. But I agree, reserving pg_* is much better. I wish we had done it
when we invented roles (6.5?), so there would be no risk that you would
upgrade from a system that already has a "pg_foo" role. But I think it'd
still be OK.

I agree with Robert's earlier point that this needs to be split into
multiple patches, which can then be reviewed and discussed separately.
Pending that, I'm going to mark this as "Waiting on author" in the
commitfest.

- Heikki