Re: Additional role attributes && superuser review

From: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
To: Stephen Frost <sfrost(at)snowman(dot)net>, Gavin Flower <GavinFlower(at)archidevsys(dot)co(dot)nz>
Cc: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Petr Jelinek <petr(at)2ndquadrant(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Additional role attributes && superuser review
Date: 2015-07-10 21:06:01
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On 05/08/2015 07:35 AM, Stephen Frost wrote:
> Gavin,
> * Gavin Flower (GavinFlower(at)archidevsys(dot)co(dot)nz) wrote:
>> What if I had a company with several subsidiaries using the same
>> database, and want to prefix roles and other things with the
>> subsidiary's initials? (I am not saying this would be a good
>> architecture!!!)
> If you admit that it's not a good solution then I'm not quite sure how
> much we really want to worry about it. :)
>> For example if one subsidiary was called 'Perfect Gentleman', so I
>> would want roles prefixed by 'pg_' and would be annoyed if I
>> couldn't!
> You might try creating a schema for that user.. You'll hopefully find
> it difficult to do. :)
> In consideration of the fact that you can't create schemas which start
> with "pg_" and therefore the default search_path wouldn't work for that
> user, and that we also reserve "pg_" for tablespaces, I'm not inclined
> to worry too much about this case. Further, if we accept this argument,
> then we simply can't ever provide additional default or system roles,
> ever. That'd be a pretty narrow corner to have painted ourselves into.

Well, you could still provide them through some other mechanism, like
require typing "SYSTEM ROLE pg_backup" any time you mean that magic
role. But I agree, reserving pg_* is much better. I wish we had done it
when we invented roles (6.5?), so there would be no risk that you would
upgrade from a system that already has a "pg_foo" role. But I think it'd
still be OK.

I agree with Robert's earlier point that this needs to be split into
multiple patches, which can then be reviewed and discussed separately.
Pending that, I'm going to mark this as "Waiting on author" in the

- Heikki

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Pavel Stehule 2015-07-10 21:19:10 Re: polymorphic types - enforce casting to most common type automatically
Previous Message David E. Wheeler 2015-07-10 21:05:53 Re: pg_upgrade + Extensions