| From: | "William ZHANG" <uniware(at)zedware(dot)org> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: CREATE USER and pg_user |
| Date: | 2005-08-23 01:26:07 |
| Message-ID: | dedtvm$19k5$1@news.hub.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
""Jim Nasby"" <jnasby(at)pervasive(dot)com> write
> Yes, but it doesn't really specify if you have to have a privilege in
> order to grant it, although reading one of the notes[1] tends to indicate
> that you must have a role in order to grant it. Unless I'm overlooking
> some part of the docs?
I am confused by the combination of USER and ROLE in 8.1 at first glance.
In my memory, USER is a representation of somebody using the database,
just as USER in OS. USER can also always login into the system, except
the Admin prohibit it. ROLE is a collection of some priviledges. A USER
can act as multiple ROLEs, but in real life, it cannot act as multiple ROLEs
are the same time. That's why some system define that a USER can only
act as one ROLE at a moment, but she can change her ROLE with
"SET SESSION ROLE TO <anotherRole>".
Maybe I will read more about SQL:2003, pgsql-8.1 doc and RBAC
(Role Based Access Control,
http://csrc.nist.gov/rbac/rbac-stds-roadmap.html)
to understand it correctly.
Regards,
William ZHANG
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jim C. Nasby | 2005-08-23 01:34:20 | Re: CREATE USER and pg_user |
| Previous Message | Christopher Kings-Lynne | 2005-08-23 01:21:44 | Re: beginning hackers |