From: | Selena Deckelmann <selena(at)chrisking(dot)com> |
---|---|
To: | "David E(dot) Wheeler" <david(at)kineticode(dot)com>, pdxpug(at)postgresql(dot)org |
Subject: | Re: authentication services |
Date: | 2006-10-20 16:11:59 |
Message-ID: | 85e944f997774892524eb5b74e1aaf39@chrisking.com |
Lists: | pdxpug |
On Oct 19, 2006, at 8:47 PM, David E. Wheeler wrote:
> On Oct 19, 2006, at 17:03, Selena Deckelmann wrote:
>
>> It would be interesting if the system relied more on roles, and used
>> authentication as a way of determining what role a user belonged to.
>> Then, when a person tries to login to pgsql for the first time, it
>> looks up what their group membership is and assigns permissions
>> appropriately. And if you really wanted to, it could add the user to
>> the database. Ideally, you'd just rely on the role, so that anyone
>> with the proper role/group membership could login to the database.
>> It's really powerful when you're in an environment that has defined
>> responsibilities and rapid turnover.
>
> So you're saying map PostgreSQL roles to LDAP groups?
Yes! And get rid of the requirement to link usernames to permissions.
Do everything through roles.
-selena
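The group-to-role mapping discussed in this thread, sketched as an added example (not part of the original messages and not a PostgreSQL feature): a planner that turns directory group membership into `CREATE ROLE` / `GRANT` / `REVOKE` statements so that privileges come only from group roles. The function names, the mapping and the sample data are assumptions constructed for illustration.

```python
# Added example: reconcile directory groups into PostgreSQL role membership.
# Every name and value below is constructed for illustration.

def quote_ident(name):
    """Quote a PostgreSQL identifier; names read from a directory are untrusted."""
    if not name or "\x00" in name:
        raise ValueError("invalid identifier: %r" % (name,))
    return '"' + name.replace('"', '""') + '"'

def plan_sync(group_to_role, directory, pg_logins, pg_members):
    """Return SQL that makes group-role membership match the directory.

    group_to_role: directory group -> PostgreSQL group role (assumed mapping)
    directory:     directory group -> set of usernames (e.g. an LDAP search result)
    pg_logins:     login roles that already exist in the database
    pg_members:    PostgreSQL group role -> set of current member roles
    """
    stmts = []
    known = set(pg_logins)
    for group in sorted(group_to_role):
        role = group_to_role[group]
        wanted = set(directory.get(group, ()))
        current = set(pg_members.get(role, ()))
        for user in sorted(wanted - current):
            if user not in known:
                # The login role carries no privileges of its own;
                # everything is inherited from the group role.
                stmts.append("CREATE ROLE %s LOGIN INHERIT;" % quote_ident(user))
                known.add(user)
            stmts.append("GRANT %s TO %s;" % (quote_ident(role), quote_ident(user)))
        for user in sorted(current - wanted):
            # Turnover: leaving the directory group removes database access.
            stmts.append("REVOKE %s FROM %s;" % (quote_ident(role), quote_ident(user)))
    return stmts

# Constructed sample state: mallory has left the dba group in the directory.
GROUP_TO_ROLE = {"cn=dba": "dba", "cn=analysts": "readonly"}
DIRECTORY = {"cn=dba": {"alice"}, "cn=analysts": {"bob", "j.doe"}}
PG_LOGINS = {"alice", "mallory"}
PG_MEMBERS = {"dba": {"alice", "mallory"}, "readonly": set()}

if __name__ == "__main__":
    for stmt in plan_sync(GROUP_TO_ROLE, DIRECTORY, PG_LOGINS, PG_MEMBERS):
        print(stmt)
```

The planner only emits statements; reviewing them before they run keeps a bad directory query from silently revoking or granting access.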