* Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
| > Better user management and policy delegations would be important
| > postgresql to succeed in enterprise environments.
| Keeping compatibility is also important.
Well nobody said you can't get both ;-)
| > to all databases, and you can create a user for a given database and assign
| > it to a login.
| That doesn't strike me as terribly better. Operating system
| administrators tend to unify user management across the whole network.
| You're essentially suggesting making separate users per file system.
Well, it is important for some networks to have the ability to create users
local to a subset of the network. Let the sub networks manage themselves.
Matter of policy of course.
| > It would also be nice to be able to assign users to
| > groups(which in turn define access rights within the database).
| That would indeed be nice. That's why we have already implemented it.
Oops, sorry. RTFM.... But the set of permissions you can assign to a group is
fairly limited. E.g. I can't see that you are able to grant a user/group
create/drop table permissions for a database. Does that mean any user can
create/drop tables ? I think this is an example of a permission a DBA would
like to grant to users per database.
createuser/createdb are rights assigned to a user directly. Wouldn't it make
sense to be able to assign these rights to a group of users ?
Gunnar Rønning - gunnar(at)polygnosis(dot)com
Senior Consultant, Polygnosis AS, http://www.polygnosis.com/
In response to
pgsql-hackers by date
|Next:||From: Peter Eisentraut||Date: 2001-07-06 19:04:43|
|Subject: Re: FE/BE protocol oddity |
|Previous:||From: Tom Lane||Date: 2001-07-06 18:50:42|
|Subject: Re: Vacuum and Transactions |