Re: Roles versus users

On 8/17/19 4:56 PM, stan wrote:
> I am creating an application that will need to have access control. There
> will basically be the groups (roles ?):
>
> * normal user (can do insert on a limited sate of tables, and select on a
> slightly larger set
>
> * project manager will have some increased insert and select capabilities
>
> * sysadmin will be able to do select and insert on all tables in the schema
>
> There will be more than one person in each of these groups. My original
> intent was to create roles, and assign users to appropriate roles, using
> inheritance to add increasingly greater capabilities. That is the inheritance
> would look like this
>
> normal user <- project manager <- sysadmin
>
> But, I have run up ion a note in the documentation that says that create user
> is actually a synonym for create role.

You need to read the rest of the paragraph:

"The only difference is that when the command is spelled CREATE USER,
LOGIN is assumed by default, whereas NOLOGIN is assumed when the command
is spelled CREATE ROLE."

https://www.postgresql.org/docs/11/sql-createrole.html

"CREATE ROLE adds a new role to a PostgreSQL database cluster. A role is
an entity that can own database objects and have database privileges; a
role can be considered a “user”, a “group”, or both depending on how it
is used. ..."

>
> So, should I just create roles for each user?
>
>

--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com