| From: | Thom Brown <thom(at)linux(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Simon Riggs <simon(at)2ndquadrant(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Per-Database Roles |
| Date: | 2012-05-22 13:37:18 |
| Message-ID: | CAA-aLv4Dv8q_syFDa+EBRJGaAS87H6kk_dJWqZ_hyOj8nTnotQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 22 May 2012 14:04, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> What would the semantics of that look like though? Which is "preferred"
> when you do a 'grant select' or 'grant role'? Or do we just disallow
> overlaps between per-DB roles and global roles? If we don't allow
> duplicates, I suspect a lot of the other questions suddenly become a lot
> easier to deal with, but would that be too much of a restriction? How
> would you handle migrating an existing global role to a per-database
> role?
Perhaps:
CREATE [ GLOBAL | LOCAL ] ROLE name [ LIKE role_name ] [ [ WITH ]
option [ ... ] ]
Then:
CREATE LOCAL ROLE localrolename LIKE globalrolename;
REASSIGN OWNED BY globalrolename TO localrolename;
Conflicts would occur where localrolename matches an existing local
role name within the same database, or a global role name, but not a
local role name within another database. The problem with this,
however, is that creating global roles would need conflict checks
against local roles in every database, unless a manifest of all local
roles were registered globally.
--
Thom
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2012-05-22 13:45:46 | Re: Readme of Buffer Management seems to have wrong sentence |
| Previous Message | Albe Laurenz | 2012-05-22 13:27:50 | Re: Changing the concept of a DATABASE |