| From: | Jasen Betts <jasen(at)xnet(dot)co(dot)nz> |
|---|---|
| To: | pgsql-sql(at)postgresql(dot)org |
| Subject: | Re: PostgreSQL Security/Roles/Grants |
| Date: | 2009-11-02 10:11:23 |
| Message-ID: | hcmb8b$3rg$3@reversiblemaps.ath.cx |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
On 2009-11-01, Andrew Hall <andrewah(at)hotmail(dot)com> wrote:
> 1. Default Roles -> a role which is activated at login time. Oracle imposes=
> a limit on the number of default roles which any given user can have.
>
> 2. Non-default role -> a role which has to be explicitly activated during t=
> he lifecycle of an application in order to gain access to database resource=
> s. There are no limits on the number of non-default roles. This type of rol=
> e helps us to only provide a user with the minimal set of privileges that t=
> hey require at any given time=2C and minimise their access to database reso=
> urces.
the only way I know of to provide anything like non-default roles is
via functions declared with "security definer"
> Secondly=2C is there a limit on the number of roles which can be assigned t=
> o a user (or more accurately a 'login role') in postgreSQL?
no (2^16 maybe??) IIRC you do hit an complexity limit, O(n^2) or worse.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bryce Nesbitt | 2009-11-04 01:13:21 | Why don't I get a LATIN1 encoding here with SET ENCODING? |
| Previous Message | Stephen Frost | 2009-11-01 19:09:59 | Re: PostgreSQL Security/Roles/Grants |