From: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: db_user_namespace a "temporary measure" |
Date: | 2014-03-12 13:03:42 |
Message-ID: | 20140312130342.GE6424@eldon.alvh.no-ip.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Tom Lane wrote:
> Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> > On 03/11/2014 09:37 PM, Tom Lane wrote:
> >> In particular, I'd like to see an exclusion that prevents local users
> >> from having the same name as any global user, so that we don't have
> >> ambiguity in GRANT and similar commands. This doesn't seem simple to
> >> enforce (if we supported partial indexes on system catalogs, it would
> >> be ...) but surely this representation is more amenable to enforcing it
> >> than the existing one.
>
> > Should be workable if you're creating a local name - just check against
> > the list of global roles.
>
> Concurrent creations won't be safe without some sort of locking scheme.
> A unique index would be a lot better way of plugging that hole than a
> system-wide lock on user creation. But not sure how to define a unique
> index that allows (joe, db1) to coexist with (joe, db2) but not with
> (joe, 0).
Isn't this just a case of creating a suitable operator and an exclusion
constraint? Defining the constraint in BKI might require extra
infrastructure, but it should be possible.
--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
From | Date | Subject | |
---|---|---|---|
Next Message | Tomas Vondra | 2014-03-12 13:15:06 | Re: jsonb and nested hstore |
Previous Message | Heikki Linnakangas | 2014-03-12 12:52:28 | Re: Torn page hazard in ginRedoUpdateMetapage() |