Re: Open 7.3 items

On Wed, 14 Aug 2002, Tom Lane wrote:

> Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> writes:
> > Appending '@template1' to unadorned usernames, and giving inherited rights
> > across the installation to users with template1 rights? Then you have the
> > unadorned 'lowen' becomes 'lowen(at)template1' -- but lowen(at)pari wouldn't have
> > access to template1, right?
>
> If not, standard things like "psql -l" won't work for lowen(at)pari(dot) I don't
> think we can get away with a scheme that depends on disallowing access
> to template1 for most people.
>
> It should also be noted that the whole point of this little project was
> to do something *simple* ... checking access to some other database to
> decide what we will allow is getting a bit far afield from simple.

Hate to complicate things more, but back to a global username, say
you have user "lowen" that should have access to all databases. What
happens if there's already a lowen(at)somedb that's an unprivileged user.
Assuming lowen is a db superuser, what happens in somedb? If there's
a global user "lowen" and you try to create a lowen(at)somedb later, will
it be allowed?

One possible simplification would be to make the username the full
username "lowen(at)somedb", "lowen", ... Right now we can create a
"lowen(at)somedb" and it's a different user than "lowen" and we can
already restrict a user to one database, can't we? Hmmm. Just
checked and I guess not - I thought we had a record type of "user".

Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: vev(at)michvhf(dot)com http://www.pop4.net
56K Nationwide Dialup from $16.00/mo at Pop4 Networking
http://www.camping-usa.com http://www.cloudninegifts.com
http://www.meanstreamradio.com http://www.unknown-artists.com
==========================================================================