| From: | Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> |
|---|---|
| To: | Vince Vielhaber <vev(at)michvhf(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Open 7.3 items |
| Date: | 2002-08-14 19:36:00 |
| Message-ID: | 200208141536.00145.lamar.owen@wgcr.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wednesday 14 August 2002 03:29 pm, Vince Vielhaber wrote:
> Hate to complicate things more, but back to a global username, say
> you have user "lowen" that should have access to all databases. What
> happens if there's already a lowen(at)somedb that's an unprivileged user.
> Assuming lowen is a db superuser, what happens in somedb? If there's
> a global user "lowen" and you try to create a lowen(at)somedb later, will
> it be allowed?
If the user 'lowen' is then expanded to 'lowen(at)template1' it would be stored
that way -- and lowen(at)template1 is different from lowen(at)pari, for instance.
The lowen(at)template1 user could be a superuser and lowen(at)pari might not -- but
they become distinct users. Although I do understand the difficulty if the
FQDU isn't stored in full in the appropriate places. So I guess the solution
is that wherever a user name is to be stored, the fully qualified form must
be used and checked against, with @template1 being a 'this user is
everywhere' shorthand.
But maybe I'm just misunderstanding the implementation.
--
Lamar Owen
WGCR Internet Radio
1 Peter 4:11
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marc G. Fournier | 2002-08-14 19:47:51 | Re: journaling in contrib ... |
| Previous Message | Bruce Momjian | 2002-08-14 19:35:06 | Re: journaling in contrib ... |