Re: [PATCH v2] use has_privs_for_role for predefined roles

On 2/9/22 13:13, Nathan Bossart wrote:
> On Tue, Feb 08, 2022 at 10:54:50PM -0500, Robert Haas wrote:
>> On Tue, Feb 8, 2022 at 7:38 PM Joe Conway <mail(at)joeconway(dot)com> wrote:
>>> If we were to start all over again with this feature my vote would be to
>>> do things differently than we have done. I would not have called them
>>> predefined roles, and I would have used attributes of roles (e.g. make
>>> rolsuper into a bitmap rather than a boolean) rather than role
>>> membership to implement them. But I didn't find time to participate in
>>> the original discussion or review/write the code, so I have little room
>>> to complain.
>>
>> Yep, fair. I kind of like the predefined role concept myself. I find
>> it sort of elegant, mostly because I think it scales better than a
>> bitmask, which can run out of bits surprisingly rapidly. But opinions
>> can vary, of course.
>
> I do wonder if users find the differences between predefined roles and role
> attributes confusing. INHERIT doesn't govern role attributes, but it will
> govern predefined roles when this patch is applied. Maybe the role
> attribute system should eventually be deprecated in favor of using
> predefined roles for everything. Or perhaps the predefined roles should be
> converted to role attributes.

Yep, I was suggesting that the latter would have been preferable to me
while Robert seemed to prefer the former. Honestly I could be happy with
either of those solutions, but as I alluded to that is probably a
discussion for the next development cycle since I don't see us doing
that big a change in this one.

Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development